Versions Compared

Old Version 1

changes.mady.by.user Stonebranch

Saved on

compared with

New Version Current

changes.mady.by.user Stonebranch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
1201961
1201961
Description

Anchor
1201962
1201962
The CTL_SSL_CIPHER_LIST option specifies the acceptable and preferred SSL/TLS cipher suites to use for the control session between UEM components. The SSL/TLS protocol uses the cipher suites to specify which encryption and message authentication (or message digest) algorithms to use.

Anchor
1201963
1201963
The UEM Manager can request one or more SSL/TLS ciphers, listed in order of preference. The list is forwarded to the UEM Server, which compares it to a list of SSL/TLS ciphers it is capable of accepting, and the first agreed-upon cipher is chosen.

Anchor
1201964
1201964
Usage

Anchor
1202036
1202036

Method

Syntax

IBM i

HP NonStop

UNIX

Windows

z/OS

Command Line, Short Form

n/a






Command Line, Long Form

-ctl_ssl_cipher_list cipherlist



(tick)

(tick)

(tick)

Environment Variable

UEMCTLSSLCIPHERLIST=cipherlist



(tick)

(tick)


Configuration File Keyword

ctl_ssl_cipher_list cipherlist



(tick)

(tick)

(tick)

Values

cipherlist is a comma-separated list of SSL/TLS cipher suites. The following table identifies the list of SSL/TLS cipher suites supported for this option.

The list is in default order, with the most preferred suite first and the least preferred suite last.
 

Cipher Suite Name

Description

AES256-GCM-SHA384

256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest.

AES256-SHA

256-bit AES encryption with SHA-1 message digest.

AES128-GCM-SHA256

128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest.

AES128-SHA

128-bit AES encryption with SHA-1 message digest.

ECDHE-RSA-AES256-GCM-SHA384Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, RSA authentication, 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest.
ECDHE-ECDSA-AES256-GCM-SHA384Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, ECDSA authentication, 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest.
ECDHE-RSA-AES128-GCM-SHA256Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, RSA authentication, 128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest.
ECDHE-ECDSA-AES128-GCM-SHA256Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, ECDSA authentication, 128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest.

RC4-SHA

128-bit RC4 encryption with SHA-1 message digest.

RC4-MD5

128-bit RC4 encryption with MD5 message digest.

DES-CBC3-SHA

128-bit Triple-DES encryption with SHA-1 message digest.

DES-CBC-SHA
                                     

128-bit DES encryption with SHA-1 message digest.
 

Note
titleNote

As of Universal Agent 6.7.0.0, DES-CBC-SHA is supported only on HP-UX.
 
Additionally, any Agents on HP-UX that accept connections from, or attempt connections to, Agents on other platforms must be configured with at least one currently supported cipher suite besides DES-CBC-SHA. Therefore, those HP-UX Agents cannot be configured only with DES-CBC-SHA in their list of cipher suites.