CTL_SSL_CIPHER_LIST - UCMD Manager configuration option
Description
The CTL_SSL_CIPHER_LIST option specifies one or more SSL/TLS cipher suites that are acceptable to use for network communications on the control session, which is used for component internal communication.
CTL_SSL_CIPHER_LIST also can be used to disable the SSL/TLS protocol.
Usage
Method | Syntax | IBM i | UNIX | Windows | z/OS |
|---|---|---|---|---|---|
Command Line, Short Form | n/a | ||||
Command Line, Long Form | -ctl_ssl_cipher_list cipherlist | ||||
Environment Variable | UCMDCTLSSLCIPHERLIST=cipherlist | ||||
Configuration File Keyword | ctl_ssl_cipher_list cipherlist | ||||
STRUCM Parameter | CTLCPHRLST(cipherlist) |
Values
cipherlist is a comma-separated list of SSL/TLS cipher suites. The following table identifies the list of SSL/TLS cipher suites supported for this option.
The list is in default order, with the most preferred suite first and the least preferred suite last.
Cipher Suite Name | Description |
|---|---|
AES256-GCM-SHA384 | 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest. |
AES256-SHA | 256-bit AES encryption with SHA-1 message digest. |
AES128-GCM-SHA256 | 128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest. |
AES128-SHA | 128-bit AES encryption with SHA-1 message digest. |
ECDHE-RSA-AES256-GCM-SHA384 | Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, RSA authentication, 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest. |
ECDHE-ECDSA-AES256-GCM-SHA384 | Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, ECDSA authentication, 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest. |
ECDHE-RSA-AES128-GCM-SHA256 | Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, RSA authentication, 128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest. |
ECDHE-ECDSA-AES128-GCM-SHA256 | Ephemeral Elliptic Curve Diffie-Hellman Key Exchange, ECDSA authentication, 128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest. |
RC4-SHA | 128-bit RC4 encryption with SHA-1 message digest. |
RC4-MD5 | 128-bit RC4 encryption with MD5 message digest. |
DES-CBC3-SHA | 128-bit Triple-DES encryption with SHA-1 message digest. |
NULL-SHA256 | No encryption and SHA-2 256-bit message digest. |
NULL-SHA | No encryption and SHA-1 message digest. |
NULL-MD5 | No encryption and MD5 message digest. |
NULL-NULL | No encryption, no data authentication, SSL is not used; instead, Universal V2 Protocol (UNVv2) is used. |
A single value of NULL-NULL instead of the list disables the SSL/TLS protocol. The legacy Universal Products (UNVv2) protocol without encryption and message authentication is used instead of SSL/TLS.
No data privacy or data integrity is provided with the UNVv2 network communications protocol.
NULL-NULL can be specified if the UCMD Server ENCRYPT_CONTROL_SESSION configuration option value is no.