/
DATA_SSL_CIPHER_LIST - UDM Server configuration option

DATA_SSL_CIPHER_LIST - UDM Server configuration option

Feb 02, 2024

Description

The DATA_SSL_CIPHER_LIST option specifies the acceptable and preferred SSL/TLS cipher suites to use for the data session on which file data is transferred between UDM primary and secondary servers.

The SSL/TLS protocol uses the cipher suites to specify which encryption and message authentication (or message digest) algorithms to use.

Usage

Method

Syntax

IBM i

UNIX

Windows

z/OS

Configuration File Keyword

data_ssl_cipher_list list

Values

list is a comma-separated list of SSL/TLS cipher suites. The cipher suites should be listed with the most preferred cipher suite first and the least preferred cipher suite last.

Cipher Suite Name

Description

Cipher Suite Name

Description

AES256-GCM-SHA384

256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest.

AES256-SHA

256-bit AES encryption with SHA-1 message digest.

AES128-GCM-SHA256

128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest.

AES128-SHA

128-bit AES encryption with SHA-1 message digest.

ECDHE-RSA-AES256-GCM-SHA384

Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, RSA authentication, 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest.

ECDHE-ECDSA-AES256-GCM-SHA384

Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, ECDSA authentication, 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest.

ECDHE-RSA-AES128-GCM-SHA256

Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, RSA authentication, 128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest.

ECDHE-ECDSA-AES128-GCM-SHA256

Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, ECDSA authentication, 128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest.

RC4-SHA

128-bit RC4 encryption with SHA-1 message digest.

RC4-MD5

128-bit RC4 encryption with MD5 message digest.

DES-CBC3-SHA

128-bit Triple-DES encryption with SHA-1 message digest.

DES-CBC-SHA
                                     

128-bit DES encryption with SHA-1 message digest.
 

Note

As of Universal Agent 6.7.0.0, DES-CBC-SHA is supported only on HP-UX.
 
Additionally, any Agents on HP-UX that accept connections from, or attempt connections to, Agents on other platforms must be configured with at least one currently supported cipher suite besides DES-CBC-SHA. Therefore, those HP-UX Agents cannot be configured only with DES-CBC-SHA in their list of cipher suites.

NULL-SHA256

No encryption and SHA-2 256-bit message digest.

NULL-SHA

No encryption and SHA-1 message digest.

NULL-MD5

No encryption and MD5 message digest.

NULL-NULL

No encryption, no data authentication, SSL/TLS is not used; instead, Universal V2 Protocol(UNVv2) is used.

 

Default is AES256-GCM-SHA384,AES256-SHA,AES128-GCM-SHA256,AES128-SHA,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,RC4-SHA,RC4-MD5,DES-CBC3-SHA,NULL-SHA,NULL-SHA256,NULL-MD5.

Note

In order to establish a transfer session without using SSL for the data session, the NULL-NULL cipher must be specified in the cipher list for any UDM Server involved in the session and in the encrypt option of the open command.