Description
The CTL_SSL_CIPHER_LIST SUITES option specifies one or more SSL/TLS 1.3 specific cipher suites that are acceptable to use for network communications on the control session, which is used for component internal communication.CTL_SSL_CIPHER_LIST also can be used to disable the SSL/TLS protocol
Info |
---|
This option is specific to TLS 1.3. To configure ciphers for TLS 1.2 and earlier, see the |
Usage
Method | Syntax | IBM i | UNIX | Windows | z/OS |
Command Line, Short Form | n/a | ||||
Command Line, Long Form | -ctl_ssl_cipher_list suites cipherlist |
|
| ||
Environment Variable | UCMDCTLSSLCIPHERLIST UCMDCTLSSLCIPHERSUITES=cipherlist |
|
| ||
Configuration File Keyword | ctl_ssl_cipher_list suites cipherlist |
| STRUCM Parameter CTLCPHRLST(cipherlist) |
Note |
---|
The option is NOT currently supported on HP-UX |
Values
cipherlist is a comma-separated list of SSL/TLS 1.3 specific cipher suites. The following table identifies the list of SSL/TLS cipher suites supported for this optionlist should be ordered with the most preferred suite first and the least preferred suite last.
The list is in default order, with the most preferred suite first and the least preferred suite last.
Cipher Suite |
---|
Description |
---|
TLS_AES_256_GCM_SHA384 | 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest |
AES256-SHA
256-bit AES encryption with SHA-1 message digest.
AES128-GCM-SHA256
128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest.
AES128-SHA
128-bit AES encryption with SHA-1 message digest.
TLS_CHACHA20_POLY1305_SHA256 | 256-bit CHACHA encryption with POLY1305 message authentication, SHA-2 256-bit message digest |
TLS_AES_128_GCM_SHA256 | 128-bit AES encryption in Galois Counter Mode, SHA-2 256 |
RC4-SHA
128-bit RC4 encryption with SHA-1 message digest.
RC4-MD5
128-bit RC4 encryption with MD5 message digest.
DES-CBC3-SHA
-bit |
message digest |
DES-CBC-SHA
128-bit DES encryption with SHA-1 message digest.
Note | ||
---|---|---|
| ||
As of Universal Agent 6.7.0.0, DES-CBC-SHA is supported only on HP-UX. |
NULL-SHA256
No encryption and SHA-2 256-bit message digest.
NULL-SHA
No encryption and SHA-1 message digest.
NULL-MD5
No encryption and MD5 message digest.
NULL-NULL
No encryption, no data authentication, SSL is not used; instead, Universal V2 Protocol (UNVv2) is used.
A single value of NULL-NULL instead of the list disables the SSL/TLS protocol. The legacy Universal Products (UNVv2) protocol without encryption and message authentication is used instead of SSL/TLS.
No data privacy or data integrity is provided with the UNVv2 network communications protocol.
...