What are the encryption algorithms that IBM Personal Communications version 6.0 supports?
This is to document the encryption algorithms that Personal Communications supports.
IBM Personal Communications version 6 uses two security providers:
- Microsoft Cryptographic API (MSCAPI)
- IBM Global Security Kit (GSKIT).
The cipher suites used in MSCAPI are described in Cipher Suites in Schannel.
However, it depends on the underlying Windows operating system. Also there is a way to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.
The GSKIT Cipher Specs can be either SSLv3 (not FIPS supported) or TLS1.0
Here is the list of available cipher specs:
SSLv3 (In May 2008 an update of FIPS 140-2 Guidance from NIST shows that SSL V3 has been specifically excluded from being allowed in FIPS 140-2 Approved Mode. Therefore products should disable SSLV3 when entering FIPS 140-2 mode.)
00 - NULL NULL
01 - NULL MD5
02 - NULL SHA
03 - RC4 MD5 Export
04 - RC4 MD5 US
05 - RC4 SHA US
06 - RC2 MD5 Export
09 - DES SHA Export
62 - DES SHA Export1024
64 - RC4-56 SHA Export1024
0A - Triple DES SHA US
2F - TLS_RSA_WITH_AES_128_CBC_SHA
35 - TLS_RSA_WITH_AES_256_CBC_SHA
The default value is "05040A62640306090201"
TLSv1 (FIPS supported) Setting GSK_TLS_CIPHER_SPECS will only have an effect if FIPS mode processing is turned on. If FIPS processing mode is off, the new buffer option will be ignored and the value of GSK_V3_CIPHER_SPECS will be used instead.
Allowed TLS 1.0 Cipher Specs:
Same as SSL V3
The FIPS / NIST approved ciphers GSKIT supports are:
TLS1.0 -- AES (35, 2F) 3DES (0A)