SSL Cipher Suites
System SSL has the infrastructure to support multiple cipher suites.
The cipher suites are specified in different ways for each programming
interface. The following cipher suites, shown in system value format,
can be supported by System SSL:
- *RSA_AES_128_CBC_SHA256
- *RSA_AES_256_CBC_SHA256
- *RSA_NULL_SHA256
- *RSA_NULL_MD5
- *RSA_NULL_SHA
- *RSA_EXPORT_RC4_40_MD5
- *RSA_RC4_128_MD5
- *RSA_RC4_128_SHA
- *RSA_EXPORT_RC2_CBC_40_MD5
- *RSA_DES_CBC_SHA
- *RSA_3DES_EDE_CBC_SHA
- *RSA_AES_128_CBC_SHA
- *RSA_AES_256_CBC_SHA
- *RSA_RC2_CBC_128_MD5
- *RSA_DES_CBC_MD5
- *RSA_3DES_EDE_CBC_MD5
Shipped SSL supported cipher specification list
A cipher specification list contains a list of cipher suites. System SSL ships with 10 cipher suites supported. Administrators can control the ciphers that are supported by System SSL with system values QSSLCSL and QSSLCSLCTL. A cipher suite cannot be supported if the SSL protocol it requires is not also supported.
The supported cipher specification list is affected by the SSL protocols that are supported by the system as well as changes made to the system value QSSLCSL. You can display the value of QSSLCSL to see the cipher specification list on your system.
The following cipher suites are shipped as supported by System SSL:
- *RSA_AES_256_CBC_SHA
- *RSA_AES_128_CBC_SHA
- *RSA_RC4_128_SHA
- *RSA_RC4_128_MD5
- *RSA_3DES_EDE_CBC_SHA
- *RSA_DES_CBC_SHA
- *RSA_EXPORT_RC4_40_MD5
- *RSA_EXPORT_RC2_CBC_40_MD5
- *RSA_NULL_SHA
- *RSA_NULL_MD5
Shipped SSL default cipher specification list
The following displays the order of the shipped default cipher specification list:
- *RSA_AES_128_CBC_SHA
- *RSA_AES_256_CBC_SHA
Two more cipher suites can be added to the list if TLSv1.2 is enabled on the system and enabled by the applications:
- *RSA_AES_128_CBC_SHA256
- *RSA_AES_256_CBC_SHA256
The following table shows the cipher specifications that are supported for each protocol version. The supported cipher specifications for each protocol are indicated by the "X" in the appropriate column.
QSSLCSL System Value Representation | TLSv1.2 | TLSv1.1 | TLSv1.0 | SSLv3 | SSLv2 |
---|---|---|---|---|---|
*RSA_AES_256_CBC_SHA256 | X | | | | |
*RSA_AES_128_CBC_SHA256 | X | | | | |
*RSA_AES_256_CBC_SHA | X | X | X | | |
*RSA_AES_128_CBC_SHA | X | X | X | | |
*RSA_3DES_EDE_CBC_SHA | X | X | X | X | |
*RSA_RC4_128_SHA | X | X | X | X | |
*RSA_RC4_128_MD5 | X | X | X | X | X |
*RSA_DES_CBC_SHA | | X | X | X | |
*RSA_EXPORT_RC4_40_MD5 | | | X | X | X |
*RSA_EXPORT_RC2_CBC_40_MD5 | | | X | X | X |
*RSA_NULL_SHA256 | X | | | | |
*RSA_NULL_SHA | X | X | X | X | |
*RSA_NULL_MD5 | X | X | X | X | |
*RSA_RC2_CBC_128_MD5 | | | | | X |
*RSA_3DES_EDE_CBC_MD5 | | | | | X |
*RSA_DES_CBC_MD5 | | | | | X |
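
The following is an added example, not IBM code: it takes the contents of QSSLCSL and a set of enabled protocol versions, applies the rule that a cipher suite cannot be supported without a protocol it requires, and flags suites whose names contain NULL, EXPORT, single DES, RC2, RC4 or MD5. The protocol columns follow the table above; the function name `audit`, the enabled-protocol input and the weakness labels are assumptions of this example.

```python
T12, T11, T10, S3, S2 = "TLSv1.2", "TLSv1.1", "TLSv1.0", "SSLv3", "SSLv2"
SUPPORT = {  # suite -> protocol versions that can negotiate it (from the table)
    "*RSA_AES_256_CBC_SHA256": {T12},
    "*RSA_AES_128_CBC_SHA256": {T12},
    "*RSA_AES_256_CBC_SHA": {T12, T11, T10},
    "*RSA_AES_128_CBC_SHA": {T12, T11, T10},
    "*RSA_3DES_EDE_CBC_SHA": {T12, T11, T10, S3},
    "*RSA_RC4_128_SHA": {T12, T11, T10, S3},
    "*RSA_RC4_128_MD5": {T12, T11, T10, S3, S2},
    "*RSA_DES_CBC_SHA": {T11, T10, S3},
    "*RSA_EXPORT_RC4_40_MD5": {T10, S3, S2},
    "*RSA_EXPORT_RC2_CBC_40_MD5": {T10, S3, S2},
    "*RSA_NULL_SHA256": {T12},
    "*RSA_NULL_SHA": {T12, T11, T10, S3},
    "*RSA_NULL_MD5": {T12, T11, T10, S3},
    "*RSA_RC2_CBC_128_MD5": {S2},
    "*RSA_3DES_EDE_CBC_MD5": {S2},
    "*RSA_DES_CBC_MD5": {S2},
}
# This example's own reading of the name tokens; the page does not rate suites.
WEAK = {"NULL": "no encryption", "EXPORT": "40-bit export key",
        "DES": "single DES, 56-bit key", "RC2": "RC2 cipher",
        "RC4": "RC4 stream cipher", "MD5": "MD5 MAC"}
# Shipped supported list from this page, used as sample QSSLCSL content.
SHIPPED = ["*RSA_AES_256_CBC_SHA", "*RSA_AES_128_CBC_SHA", "*RSA_RC4_128_SHA",
           "*RSA_RC4_128_MD5", "*RSA_3DES_EDE_CBC_SHA", "*RSA_DES_CBC_SHA",
           "*RSA_EXPORT_RC4_40_MD5", "*RSA_EXPORT_RC2_CBC_40_MD5",
           "*RSA_NULL_SHA", "*RSA_NULL_MD5"]

def audit(qsslcsl, enabled_protocols):
    """Split a QSSLCSL list into (usable, unusable, findings)."""
    enabled = set(enabled_protocols)
    usable, unusable, findings = [], [], {}
    for suite in qsslcsl:
        if suite not in SUPPORT:
            raise ValueError(f"unknown cipher suite: {suite}")
        if not SUPPORT[suite] & enabled:
            unusable.append(suite)  # no enabled protocol can carry it
            continue
        usable.append(suite)
        tokens = suite.lstrip("*").split("_")  # "3DES" is not the token "DES"
        reasons = [why for tok, why in WEAK.items() if tok in tokens]
        if reasons:
            findings[suite] = reasons
    return usable, unusable, findings

if __name__ == "__main__":
    for part in audit(SHIPPED, [T12]):  # assumed: only TLSv1.2 enabled
        print(part)
```

With only TLSv1.2 enabled, the DES and export suites in the shipped list drop out, but the RC4 and NULL suites remain usable and still need to be removed from QSSLCSL explicitly.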