/
CTL_SSL_CIPHER_LIST - UEM Manager configuration option

CTL_SSL_CIPHER_LIST - UEM Manager configuration option

Mar 07, 2023

 Description

The CTL_SSL_CIPHER_LIST option specifies the acceptable and preferred SSL/TLS cipher suites to use for the control session between UEM components. The SSL/TLS protocol uses the cipher suites to specify which encryption and message authentication (or message digest) algorithms to use.

The UEM Manager can request one or more SSL/TLS ciphers, listed in order of preference. The list is forwarded to the UEM Server, which compares it to a list of SSL/TLS ciphers it is capable of accepting, and the first agreed-upon cipher is chosen.

 Usage

Method

Syntax

IBM i

HP NonStop

UNIX

Windows

z/OS

Method

Syntax

IBM i

HP NonStop

UNIX

Windows

z/OS

Command Line, Short Form

n/a











Command Line, Long Form

-ctl_ssl_cipher_list cipherlist





Environment Variable

UEMCTLSSLCIPHERLIST=cipherlist







Configuration File Keyword

ctl_ssl_cipher_list cipherlist





Values

cipherlist is a comma-separated list of SSL/TLS cipher suites. The following table identifies the list of SSL/TLS cipher suites supported for this option.

The list is in default order, with the most preferred suite first and the least preferred suite last.
 

Cipher Suite Name

Description

Cipher Suite Name

Description

AES256-GCM-SHA384

256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest.

AES256-SHA

256-bit AES encryption with SHA-1 message digest.

AES128-GCM-SHA256

128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest.

AES128-SHA

128-bit AES encryption with SHA-1 message digest.

ECDHE-RSA-AES256-GCM-SHA384

Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, RSA authentication, 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest.

ECDHE-ECDSA-AES256-GCM-SHA384

Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, ECDSA authentication, 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest.

ECDHE-RSA-AES128-GCM-SHA256

Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, RSA authentication, 128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest.

ECDHE-ECDSA-AES128-GCM-SHA256

Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, ECDSA authentication, 128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest.

RC4-SHA

128-bit RC4 encryption with SHA-1 message digest.

RC4-MD5

128-bit RC4 encryption with MD5 message digest.

DES-CBC3-SHA

128-bit Triple-DES encryption with SHA-1 message digest.

DES-CBC-SHA
                                     

128-bit DES encryption with SHA-1 message digest.
 

Note

As of Universal Agent 6.7.0.0, DES-CBC-SHA is supported only on HP-UX.
 
Additionally, any Agents on HP-UX that accept connections from, or attempt connections to, Agents on other platforms must be configured with at least one currently supported cipher suite besides DES-CBC-SHA. Therefore, those HP-UX Agents cannot be configured only with DES-CBC-SHA in their list of cipher suites.