Question & Answer
Question
How do we access new CIPHERS for TLS 1.2?
Answer
The cipher suite names provided on the Cipher-Suite Selection Panel screen are not representative of any TLS version. Any of the cipher suite names listed can be used with TLS 1.2; however not all of the suite names listed can be used with TLS 1.0 or TLS 1.1. There are 2 types of ciphers: SHA-1 and SHA-2. TLS 1.0, TLS 1.1 and SSL will only work with SHA-1 ciphers, while TLS 1.2 can use both SHA-1 and SHA-2 ciphers.
If you have PTF UI30614 applied, the following SHA-1 ciphers should be indicated to have been deprecated when you bring up the Cipher-Suite Selection Panel screen:
TLS_RSA_WITH_NULL_MD5
TLS_RSA_WITH_NULL_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
The following are the SHA-1 ciphers that can still be specified:
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
The remaining ciphers in the Cipher-Suite Selection Panel screen are SHA-2.
Historical Number
PMR 41085,227,000
Was this topic helpful?
Document Information
Modified date:
17 May 2022
UID
ibm10730351