CTL_SSL_CIPHER_LIST - UBROKER configuration option
Description
The CTL_SSL_CIPHER_LIST option specifies one or more SSL/TLS cipher suites that are acceptable to use for network communications on the control session, which is used for component internal communication.
Usage
Method | Syntax | IBM i | UNIX | Windows | z/OS |
Configuration File Keyword | ctl_ssl_cipher_list cipherlist |
Values
cipherlist is a comma-separated list of SSL/TLS cipher suites. The list should be ordered with the most preferred suite first and the least preferred suite last.
The following table identifies the list of SSL/TLS cipher suites supported for this option.
Cipher Suite | Description |
---|---|
AES256-GCM-SHA384 | 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest. |
AES256-SHA | 256-bit AES encryption and SHA-1 message digest. |
AES128-GCM-SHA256 | 128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest. |
AES128-SHA | 128-bit AES encryption and SHA-1 message digest. |
ECDHE-RSA-AES256-GCM-SHA384 | Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, RSA authentication, 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest. |
ECDHE-ECDSA-AES256-GCM-SHA384 | Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, ECDSA authentication, 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest. |
ECDHE-RSA-AES128-GCM-SHA256 | Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, RSA authentication, 128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest. |
ECDHE-ECDSA-AES128-GCM-SHA256 | Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, ECDSA authentication, 128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest. |
RC4-SHA | 128-bit RC4 encryption and SHA-1 message digest. |
RC4-MD5 | 128-bit RC4 encryption and MD5 message digest. |
DES-CBC3-SHA | 128-bit Triple-DES encryption and SHA-1 message digest. |
DES-CBC-SHA | 128-bit DES encryption with SHA-1 message digest. Note As of Universal Agent 6.7.0.0, DES-CBC-SHA is supported only on HP-UX. |
Default is AES256-GCM-SHA384,AES256-SHA,AES128-GCM-SHA256,AES128-SHA,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,RC4-SHA,RC4-MD5,DES-CBC3-SHA.