CTL_SSL_CIPHER_SUITES - UDM Manager configuration option
Description
The CTL_SSL_CIPHER_SUITES option specifies one or more SSL/TLS 1.3 specific cipher suites to use for the control session between UDM components, or it can be used to disable the SSL/TLS protocol.
This option is specific to TLS 1.3. To configure ciphers for TLS 1.2 and earlier, see the ctl_ssl_cipher_list
option.
Usage
Method | Syntax | IBM i | UNIX | Windows | z/OS |
Command Line, Short Form | n/a | ||||
Command Line, Long Form | -ctl_ssl_cipher_suites list | ||||
Environment Variable | UDMCTLSSLCIPHERSUITES=list | ||||
Configuration File Keyword | ctl_ssl_cipher_suites list |
The option is NOT currently supported on HP-UX
Values
list is a comma-separated list of SSL/TLS cipher suites. The following table identifies the list of SSL/TLS cipher suites supported for this option.
The list is in default order, with the most preferred suite first and the least preferred suite last.
Cipher Suite | Description |
---|---|
TLS_AES_256_GCM_SHA384 | 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest |
TLS_CHACHA20_POLY1305_SHA256 | 256-bit CHACHA encryption with POLY1305 message authentication, SHA-2 256-bit message digest |
TLS_AES_128_GCM_SHA256 | 128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest |