DATA_SSL_CIPHER_LIST - UDM Server configuration option
Description
The DATA_SSL_CIPHER_LIST option specifies the acceptable and preferred SSL/TLS cipher suites to use for the data session on which file data is transferred between UDM primary and secondary servers.
The SSL/TLS protocol uses the cipher suites to specify which encryption and message authentication (or message digest) algorithms to use.
Usage
Method | Syntax | IBM i | UNIX | Windows | z/OS |
Configuration File Keyword | data_ssl_cipher_list list |
Values
list is a comma-separated list of SSL/TLS cipher suites. The cipher suites should be listed with the most preferred cipher suite first and the least preferred cipher suite last.
Cipher Suite Name | Description |
---|---|
AES256-GCM-SHA384 | 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest. |
AES256-SHA | 256-bit AES encryption with SHA-1 message digest. |
AES128-GCM-SHA256 | 128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest. |
AES128-SHA | 128-bit AES encryption with SHA-1 message digest. |
RC4-SHA | 128-bit RC4 encryption with SHA-1 message digest. |
RC4-MD5 | 128-bit RC4 encryption with MD5 message digest. |
DES-CBC3-SHA | 128-bit Triple-DES encryption with SHA-1 message digest. |
DES-CBC-SHA | 128-bit DES encryption with SHA-1 message digest. Note As of Universal Agent 6.7.0.0, DES-CBC-SHA is supported only on HP-UX. |
NULL-SHA256 | No encryption and SHA-2 256-bit message digest. |
NULL-SHA | No encryption and SHA-1 message digest. |
NULL-MD5 | No encryption and MD5 message digest. |
NULL-NULL | No encryption, no data authentication, SSL/TLS is not used; instead, Universal V2 Protocol (UNVv2) is used. |
Default is AES256-GCM-SHA384,AES256-SHA,AES128-GCM-SHA256,AES128-SHA,RC4-SHA,RC4-MD5,DES-CBC3-SHA,NULL-SHA,NULL-SHA256,NULL-MD5.
Note
In order to establish a transfer session without using SSL for the data session, the NULL-NULL cipher must be specified in the cipher list for any UDM Server involved in the session and in the encrypt option of the open command.