SSL cipher specifications
When an SSL connection is established, the client (web browser) and the web server negotiate the cipher to use for the connection. The web server has an ordered list of ciphers, and the first cipher in the list that is supported by the client is selected.
Introduction
View the list of current of SSL ciphers.
Attention: This list of ciphers could change
as a result of updates to industry standards. You can determine the list of ciphers supported in a
particular version of IBM® HTTP Server by configuring it to
load mod_ibm_ssl and running
bin/apachectl -t -f path/to/httpd.conf
-DDUMP_SSL_CIPHERS
.Avoid trouble:
- Ciphers should be enabled via their "long name".
- Ciphers containing "ECDHE_RSA" in their name use a standard RSA certificate and can coexist with older RSA ciphers and clients.
- Ciphers containing "ECDHE_ECDSA" in their name requires an ECC (Elliptic Curve Cryptography) certificate/key to be created (with gskcapicmd if you are running on a distributed platform, or gskkyman if you are running on z/OS®).
- On z/OS, ICSF must be available to use
ECDHE, ECDSA, and AES-GCM ciphers. See
RACF® CSFSERV Resource Requirements
in the z/OS Cryptographic Services System SSL Programming for more information.
SSL and TLS ciphers
Attention: SSL and TLS cipher values:
- "- "= cipher that is not valid for the protocol
- "d" = cipher is enabled by default
- "y" = cipher is valid but not enabled by default
- "d*"= cipher is enabled by default on distributed platforms, and enabled on z/OS only if basic ICSF services are available at startup.
- "y*"= In prior maintenance levels, cipher was enabled by default
("d" or"d*").
- cipher is valid but not enabled by default.
- cipher is valid but only enabled by default if ICSF is not available.
For transitioning users: To improve security, IBM HTTP Server Version 9.0 disables weak SSL ciphers, export SSL ciphers, and
the SSL Version 2 and Version 3 protocols by default. SSL Version 2, weak ciphers, and export
ciphers are generally unsuitable for production SSL workloads on the internet and are flagged by
security scanners. To enable ciphers, use the SSLCipherSpec directive.
Short name | Long name | Key size (bits) | FIPS | TLSv11 | TLSv12 | TLSv13 |
---|---|---|---|---|---|---|
1301 | TLS_AES_128_GCM_SHA256 | 128 | Y | - | - |
d |
1302 | TLS_AES_256_GCM_SHA384 | 256 | Y | - | - |
d |
1303 | TLS_CHACHA20_POLY1305_SHA256 | 256 | - | - | - |
d |
1304 | TLS_AES_128_CCM_SHA256 | 128 | Y | - | - |
y |
1305 | TLS_AES_128_CCM_8_SHA256 | 128 | Y | - | - |
y |
C030 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | 256 | Y | - | d* | |
C02F | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | 128 | Y | - | d* | |
C028 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | 256 | Y | - | d* | |
C027 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | 128 | Y | - | d* | |
C014 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | 256 | Y | - | d* | |
C013 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | 128 | Y | - | d* | |
9D | TLS_RSA_WITH_AES_256_GCM_SHA384 | 256 | Y | - | y* | |
9C | TLS_RSA_WITH_AES_128_GCM_SHA256 | 128 | Y | - | y* | |
3D | TLS_RSA_WITH_AES_256_CBC_SHA256 | 256 | Y | - | y* | |
3C | TLS_RSA_WITH_AES_128_CBC_SHA256 | 128 | Y | - | y* | |
35b | TLS_RSA_WITH_AES_256_CBC_SHA | 256 | Y | y* | y* | |
2F | TLS_RSA_WITH_AES_128_CBC_SHA | 128 | Y | y* | y* | |
C009 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | 128 | Y | - | d* | |
C00A | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | 256 | Y | - | d* | |
C023 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | 128 | Y | - | d* | |
C024 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | 256 | Y | - | d* | |
C02C | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | 256 | Y | - | d* | |
C02B | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | 128 | Y | - | d* |
Note: The
TLSv10
and TLSv11
protocols are not
enabled by default after IBM HTTP Server versions 9.0.5.9. and 8.5.5.20.Important: 3DES ciphers are disabled by default on IBM HTTP Server
versions 9.0.0.6 and later.
Weaker ciphers, not enabled by default:
Short name | Long name | Key size (bits) | FIPS | TLSv11 | TLSv12 |
---|---|---|---|---|---|
C010 | TLS_ECDHE_RSA_WITH_NULL_SHA | 0 | Y | - | Y |
C008 | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | 168 | Y | - | Y |
C012 | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | 168 | Y | - | Y |
3A | SSL_RSA_WITH_3DES_EDE_CBC_SHA | 168 | Y | Y | Y |
C007 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | 128 | Y | - | Y |
C011 | TLS_ECDHE_RSA_WITH_RC4_128_SHA | 128 | Y | - | Y |
35 | SSL_RSA_WITH_RC4_128_SHA | 128 | - | Y | Y |
34 | SSL_RSA_WITH_RC4_128_MD5 | 128 | - | Y | - |
39 | SSL_RSA_WITH_DES_CBC_SHA | 56 | - | y | - |
33 | SSL_RSA_EXPORT_WITH_RC4_40_MD5 | 40 | - | - | - |
36 | SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | 40 | - | - | - |
62 | TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA | 56 | - | - | - |
64 | TLS_RSA_EXPORT1024_WITH_RC4_56_SHA | 56 | - | - | - |
32 | SSL_RSA_WITH_NULL_SHA | 0 | - | y | y |
31 | SSL_RSA_WITH_NULL_MD5 | 0 | - | y | - |
3B | TLS_RSA_WITH_NULL_SHA256 | 0 | Y | - | y |
30 | SSL_NULL_WITH_NULL_NULL | 0 | - | y | y |
27 | SSL_DES_192_EDE3_CBC_WITH_MD5 | 168 | - | - | - |
21 | SSL_RC4_128_WITH_MD5 | 128 | - | - | - |
23 | SSL_RC2_CBC_128_CBC_WITH_MD5 | 128 | - | - | - |
26 | SSL_DES_64_CBC_WITH_MD5 | 56 | - | - | - |
24 | SSL_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 | 40 | - | - | - |
22 | SSL_RC4_128_EXPORT40_WITH_MD5 | 40 | - | - | - |
FE | SSL_RSA_FIPS_WITH_DES_CBC_SHA | 56 | - | - | - |
FF | SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA | 168 | - | - | - |