Retrieve TLS Attributes (QsoRtvTLSA) API
#include <qsotlsa.h>Required Parameter Group:
| 1 | Format name | Input | Char(8) |
| 2 | Receiver variable | Output | Char(*) |
| 3 | Length of receiver variable | I/O | Binary(4) |
| 4 | Error code | I/O | Char(*) |
Service Program: QSOTLSA
Default Public Authority: *USE
Threadsafe: Yes
The Retrieve TLS Attributes (QsoRtvTLSA) API retrieves TLS attributes. The system level settings are controlled by using a combination of these interfaces:
- TLS System Values
- System Service Tools (SST) Advanced Analysis command SSLCONFIG that allows viewing or altering of system-wide System TLS default properties
Authorities and Locks
None.
Required Parameter Group
- Format name
- INPUT; CHAR(8)
The format of the information to be returned. The format names supported are:
TLSA0100 TLS security attributes. See TLSA0100 Format for details on the format. TLSA0200 TLS handshake connection counts. See TLSA0200 Format for details on the format.
- Receiver variable
- OUTPUT; CHAR(*)
The variable that is to receive the information requested.
- Length of receiver variable
- I/O; BINARY(4)
The length of the receiver variable and the variable in which to return the length of the information requested. If this value is smaller than the size needed to return all of the data requested, an error is returned. If this value is larger than the actual size of the receiver variable, the result is not predictable.
- Error code
- I/O; CHAR(*)
The structure in which to return error information. For the format of the structure, see Error code parameter.
Format of TLS Attributes Information
To retrieve the current TLS attributes, use format TLSA0100. To retrieve the current TLS handshake connection counts, use format TLSA0200.
TLSA0100 Format
This format returns information regarding the TLS attributes on the system. For detailed descriptions of the fields in the table, see Field Descriptions.
| Offset | Bit | Type | Field | |
|---|---|---|---|---|
| Dec | Hex | |||
| 0 | 0 | Array(10) of BINARY(2) | Supported protocol list | |
| 20 | 14 | BINARY(4) | Length of supported protocol list | |
| 24 | 18 | Array(10) of BINARY(2) | Eligible default protocol list | |
| 44 | 2C | BINARY(4) | Length of eligible default protocol list | |
| 48 | 30 | Array(10) of BINARY(2) | Default protocol list | |
| 68 | 44 | BINARY(4) | Length of default protocol list | |
| 72 | 48 | Array(64) of BINARY(2) | Supported cipher suite list | |
| 200 | C8 | BINARY(4) | Length of supported cipher suite list | |
| 204 | CC | Array(64) of BINARY(2) | Eligible default cipher suite list | |
| 332 | 14C | BINARY(4) | Length of eligible default cipher suite list | |
| 336 | 150 | Array(64) of BINARY(2) | Default cipher suite list | |
| 464 | 1D0 | BINARY(4) | Length of default cipher suite list | |
| 468 | 1D4 | Array(32) of BINARY(2) | Supported signature algorithms | |
| 532 | 214 | BINARY(4) | Length of supported signature algorithms | |
| 536 | 218 | Array(32) of BINARY(2) | Default signature algorithms | |
| 600 | 258 | BINARY(4) | Length of default signature algorithms | |
| 604 | 25C | Array(32) of BINARY(2) | Supported signature algorithm certificates | |
| 668 | 29C | BINARY(4) | Length of supported signature algorithm certificates | |
| 672 | 2A0 | Array(32) of BINARY(2) | Default signature algorithm certificates | |
| 736 | 2E0 | BINARY(4) | Length of default signature algorithm certificates | |
| 740 | 2E4 | Array(32) of BINARY(2) | Supported named curves | |
| 804 | 324 | BINARY(4) | Length of supported named curves | |
| 808 | 328 | Array(32) of BINARY(2) | Default named curves | |
| 872 | 368 | BINARY(4) | Length of default named curves | |
| 876 | 36C | BINARY(4) | Minimum RSA key size | |
| 880 | 370 | BINARY(4) | Renegotiation without RFC 5746 allowed | |
| 884 | 374 | BINARY(4) | SSLv2 handshake connection count | |
| 888 | 378 | BINARY(4) | SSLv3 handshake connection count | |
| 892 | 37C | BINARY(4) | TLSv1.0 handshake connection count | |
| 896 | 380 | BINARY(4) | TLSv1.1 handshake connection count | |
| 900 | 384 | BINARY(4) | TLSv1.2 handshake connection count | |
| 904 | 388 | BINARY(4) | TLSv1.3 handshake connection count | |
| 908 | 38C | BINARY(4) | OCSP certificate revocation checking | |
| 912 | 390 | Array(16) of BINARY(4) | Reserved | |
| 976 | 3D0 | 0 | BIT(1) | Enable handshake connection count |
| 976 | 3D0 | 1 | BIT(1) | Secure session caching |
| 976 | 3D0 | 2 | BIT(1) | Client requires server supports RFC 5746 |
| 976 | 3D0 | 3 | BIT(1) | Server requires client supports RFC 5746 |
| 976 | 3D0 | 4 | BIT(1) | Client hello sends Encrypt-then-MAC extension |
| 976 | 3D0 | 5 | BIT(1) | Require Encrypt-then-MAC extension |
| 976 | 3D0 | 6 | BIT(1) | Client hello sends Extended Master Secret extension |
| 976 | 3D0 | 7 | BIT(1) | Require Extended Master Secret extension |
| 977 | 3D1 | 0 | BIT(1) | Middlebox compatibility mode |
| 977 | 3D1 | 1 | BIT(1) | Audit secure telnet handshakes |
| 977 | 3D1 | 2 | BIT(22) | Reserved |
Field Descriptions
Supported/eligible default/default transport layer security (TLS) protocol values. The current values for the transport layer security (TLS) protocols. Unused array elements will contain hexadecimal zeros. The possible values follow:
| 0x0304 | TLSV1.3. Transport Layer Security version 1.3 is supported. |
| 0x0303 | TLSV1.2. Transport Layer Security version 1.2 is supported. |
| 0x0302 | TLSV1.1. Transport Layer Security version 1.1 is supported. |
| 0x0301 | TLSV1.0. Transport Layer Security version 1.0 is supported. |
| 0x0300 | SSLv3. Secure Sockets Layer version 3.0 is supported. |
| 0x0002 | SSLv2. Secure Sockets Layer version 2.0 is supported. |
Supported/eligible default/default transport layer security (TLS) cipher specifications list values. The current values for the transport layer security (TLS) cipher specifications list. Unused array elements will contain hexadecimal zeros. The possible values follow:
| 0x1301 | AES_128_GCM_SHA256. Use the Advanced Encryption Standard (AES) cipher with Galois/Counter Mode (GCM) and 128 bit keys. Use the Secure Hash Algorithm 256 (SHA256) for generating the message authentication code (MAC). |
| 0x1302 | AES_256_GCM_SHA384. Use the AES cipher with GCM and 256 bit keys. Use the Secure Hash Algorithm 384 (SHA384) for generating the MAC. |
| 0x1303 | CHACHA20_POLY1305_SHA256. Use the ChaCha stream cipher with 20 rounds, 96-bit nonce, and 256 bit keys with Poly1305 authenticator. Use SHA256 for generating the MAC. |
| 0x009C | RSA_AES_128_GCM_SHA256. Use the Rivest Shamir Adleman (RSA) public key algorithm with the AES cipher with GCM and 128 bit keys. Use SHA256 for generating the MAC. |
| 0x009D | RSA_AES_256_GCM_SHA384. Use the RSA public key algorithm with the AES cipher with GCM and 256 bit keys. Use SHA384 for generating the MAC. |
| 0xC006 | ECDHE_ECDSA_NULL_SHA. Use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm with the Elliptic Curve Digital Signature Algorithm (ECDSA) signature algorithm but do not use any cipher. Use the Secure Hash Algorithm 1 (SHA-1) for generating the MAC. |
| 0xC007 | ECDHE_ECDSA_RC4_128_SHA. Use the ECDHE key exchange algorithm with the ECDSA public key algorithm with the Rivest Cipher 4 (RC4) cipher and 128 bit keys. Use SHA-1 for generating the MAC. |
| 0xC008 | ECDHE_ECDSA_3DES_EDE_CBC_SHA. Use the ECDHE key exchange algorithm with the ECDSA public key algorithm with the Triple Data Encryption Standard (3DES) cipher with the encrypt/decrypt/encrypt (EDE) and cipher block chaining (CBC) modes and 168 bit keys. Use SHA-1 for generating the MAC. |
| 0xC010 | ECDHE_RSA_NULL_SHA. Use the ECDHE key exchange algorithm with the RSA public key algorithm but do not use any cipher. Use SHA-1 for generating the MAC. |
| 0xC011 | ECDHE_RSA_RC4_128_SHA. Use the ECDHE key exchange algorithm with the RSA public key algorithm with the RC4 cipher and 128 bit keys. Use SHA-1 for generating the MAC. |
| 0xC012 | ECDHE_RSA_3DES_EDE_CBC_SHA. Use the ECDHE key exchange algorithm with the RSA public key algorithm with the 3DES cipher with the EDE and CBC modes and 168 bit keys. Use SHA-1 for generating the MAC. |
| 0xC023 | ECDHE_ECDSA_AES_128_CBC_SHA256. Use the ECDHE key exchange algorithm with the ECDSA public key algorithm with the AES cipher with CBC and 128 bit keys. Use SHA256 for generating the MAC. |
| 0xC024 | ECDHE_ECDSA_AES_256_CBC_SHA384. Use the ECDHE key exchange algorithm with the ECDSA public key algorithm with the AES cipher with CBC and 256 bit keys. Use SHA384 for generating the MAC. |
| 0xC027 | ECDHE_RSA_AES_128_CBC_SHA256. Use the ECDHE key exchange algorithm with the RSA public key algorithm with the AES cipher with CBC and 128 bit keys. Use SHA256 for generating the MAC. |
| 0xC028 | ECDHE_RSA_AES_256_CBC_SHA384. Use the ECDHE key exchange algorithm with the RSA public key algorithm with the AES cipher with CBC and 256 bit keys. Use SHA384 for generating the MAC. |
| 0xC02B | ECDHE_ECDSA_AES_128_GCM_SHA256. Use the ECDHE key exchange algorithm with the ECDSA public key algorithm with the AES cipher with GCM and 128 bit keys. Use SHA256 for generating the MAC. |
| 0xC02C | ECDHE_ECDSA_AES_256_GCM_SHA384. Use the ECDHE key exchange algorithm with the ECDSA public key algorithm with the AES cipher with GCM and 256 bit keys. Use SHA384 for generating the MAC. |
| 0xC02F | ECDHE_RSA_AES_128_GCM_SHA256. Use the ECDHE key exchange algorithm with the RSA public key algorithm with the AES cipher with GCM and 128 bit keys. Use SHA256 for generating the MAC. |
| 0xC030 | ECDHE_RSA_AES_256_GCM_SHA384. Use the ECDHE key exchange algorithm with the RSA public key algorithm with the AES cipher with GCM and 256 bit keys. Use SHA384 for generating the MAC. |
| 0xCCA9 | ECDHE_ECDSA_CHACHA20_POLY1305_SHA256. Use the ECDHE key exchange algorithm with the ECDSA public key algorithm with the ChaCha stream cipher with 20 rounds, 96-bit nonce, and 256 bit keys with Poly1305 authenticator. Use SHA256 for generating the MAC. |
| 0xCCA8 | ECDHE_RSA_CHACHA20_POLY1305_SHA256. Use the ECDHE key exchange algorithm with the RSA public key algorithm with the ChaCha stream cipher with 20 rounds, 96-bit nonce, and 256 bit keys with Poly1305 authenticator. Use SHA256 for generating the MAC. |
| 0x003C | RSA_AES_128_CBC_SHA256. Use the RSA public key algorithm with the AES cipher with CBC and 128 bit keys. Use SHA256 for generating the MAC. |
| 0x002F | RSA_AES_128_CBC_SHA. Use the RSA public key algorithm with the AES cipher with CBC and 128 bit keys. Use SHA-1 for generating the MAC. |
| 0x003D | RSA_AES_256_CBC_SHA256. Use the RSA public key algorithm with the AES cipher with CBC and 256 bit keys. Use SHA256 for generating the MAC. |
| 0x0035 | RSA_AES_256_CBC_SHA. Use the RSA public key algorithm with the AES cipher with CBC and 256 bit keys. Use SHA-1 for generating the MAC. |
| 0x0005 | RSA_RC4_128_SHA. Use the RSA public key algorithm with the RC4 cipher and 128 bit keys. Use SHA-1 for generating the MAC. |
| 0x000A | RSA_3DES_EDE_CBC_SHA. Use the RSA public key algorithm with the 3DES cipher with the EDE and CBC modes and 168 bit keys. Use SHA-1 for generating the MAC. |
| 0x0004 | RSA_RC4_128_MD5. Use the RSA public key algorithm with the RC4 cipher and 128 bit keys. Use message digest algorithm 5 (MD5) for generating the MAC. |
| 0x0009 | RSA_DES_CBC_SHA. Use the RSA public key algorithm with the Data Encryption Standard (DES) cipher with CBC mode and 56 bit keys. Use SHA-1 for generating the MAC. |
| 0x0003 | RSA_EXPORT_RC4_40_MD5. Use the RSA public key algorithm with the RC4 cipher and 40 bit keys. Use MD5 for generating the MAC. |
| 0x0006 | RSA_EXPORT_RC2_CBC_40_MD5. Use the RSA public key algorithm with the Rivest Cipher 2 (RC2) cipher with CBC mode and 40 bit keys. Use MD5 for generating the MAC. |
| 0x003B | RSA_NULL_SHA256. Use the RSA public key algorithm but do not use any cipher. Use SHA256 for generating the MAC. |
| 0x0002 | RSA_NULL_SHA. Use the RSA public key algorithm but do not use any cipher. Use SHA-1 for generating the MAC. |
| 0x0001 | RSA_NULL_MD5. Use the RSA public key algorithm but do not use any cipher. Use MD5 for generating the MAC. |
| 0xFF03 | RSA_3DES_EDE_CBC_MD5. Use the RSA public key algorithm with the 3DES cipher with the EDE and CBC modes and 168 bit keys. Use MD5 for generating the MAC. Note: This cipher is only valid for use with SSLv2. |
| 0xFF02 | RSA_DES_CBC_MD5. Use the RSA public key algorithm with the DES cipher with the CBC mode and 56 bit keys. Use MD5 for the MAC. Note: This cipher is only valid for use with SSLv2. |
| 0xFF01 | RSA_RC2_CBC_128_MD5. Use the RSA public key algorithm with the RC2 cipher with CBC mode and 128 bit keys. Use MD5 for generating the MAC. Note: This cipher is only valid for use with SSLv2. |
Supported/default transport layer security (TLS) signature algorithm values. The current values for transport layer security (TLS) signature algorithms. Unused array elements will contain hexadecimal zeros. The possible values follow:
| 0x0806 | RSA PSS with SHA512 |
| 0x0805 | RSA PSS with SHA384 |
| 0x0804 | RSA PSS with SHA256 |
| 0x0603 | ECDSA with SHA512 |
| 0x0503 | ECDSA with SHA384 |
| 0x0403 | ECDSA with SHA256 |
| 0x0303 | ECDSA with SHA224 |
| 0x0203 | ECDSA with SHA1 |
| 0x0601 | RSA with SHA512 |
| 0x0501 | RSA with SHA384 |
| 0x0401 | RSA with SHA256 |
| 0x0301 | RSA with SHA224 |
| 0x0201 | RSA with SHA1 |
| 0x0101 | RSA with MD5 |
Supported/default transport layer security (TLS) signature algorithm certificate values. The current values for transport layer security (TLS) signature algorithm certificates. Unused array elements will contain hexadecimal zeros. The possible values follow:
| 0x0806 | RSA PSS with SHA512 |
| 0x0805 | RSA PSS with SHA384 |
| 0x0804 | RSA PSS with SHA256 |
| 0x0603 | ECDSA with SHA512 |
| 0x0503 | ECDSA with SHA384 |
| 0x0403 | ECDSA with SHA256 |
| 0x0303 | ECDSA with SHA224 |
| 0x0203 | ECDSA with SHA1 |
| 0x0601 | RSA with SHA512 |
| 0x0501 | RSA with SHA384 |
| 0x0401 | RSA with SHA256 |
| 0x0301 | RSA with SHA224 |
| 0x0201 | RSA with SHA1 |
| 0x0101 | RSA with MD5 |
Supported/default transport layer security (TLS) elliptical curve named curve values. The current values for transport layer security (TLS) elliptical curve named curves. Unused array elements will contain hexadecimal zeros. The possible values follow:
| 0x001E | x448 |
| 0x001D | x25519 |
| 0x0019 | Secp521r1 |
| 0x0018 | Secp384r1 |
| 0x0017 | Secp256r1 |
| 0x0015 | Secp224r1 |
| 0x0013 | Secp192r1 |
Minimum RSA key size. The value for the minimum RSA key size (in bits) allowed for a RSA certificate being sent or received. A value of 0 indicates any size is valid.
Renegotiation type. Determines if TLS renegotiation is allowed. The first three values have meaning only for communication with peers that do not support RFC 5746. This field has meaning for TLSv1.2 and prior versions; it does not apply to TLSv1.3 and newer versions. The possible values follow:
| 0 | No unsecured handshake renegotiation is allowed. |
| 1 | Overrides and allows unsecured abbreviated handshake during renegotiation when session continuity is proven. |
| 2 | Overrides and allows unsecured full handshake and abbreviated handshake during renegotiation. |
| 3 | All peer-initiated handshake renegotiation is disabled, including RFC 5746 handshake renegotiation. |
SSLv2 handshake connection count. The current running count of System TLS connections that used the SSLv2 protocol.
SSLv3 handshake connection count. The current running count of System TLS connections that used the SSLv3 protocol.
TLSv1.0 handshake connection count. The current running count of System TLS connections that used the TLSv1.0 protocol.
TLSv1.1 handshake connection count. The current running count of System TLS connections that used the TLSv1.1 protocol.
TLSv1.2 handshake connection count. The current running count of System TLS connections that used the TLSv1.2 protocol.
TLSv1.3 handshake connection count. The current running count of System TLS connections that used the TLSv1.3 protocol.
OCSP certificate revocation checking. Determines if OCSP certificate revocation checking is enabled. The possible values follow:
| 0 | OCSP certificate revocation checking using Authority Information Access (AIA) certificate extension information is disabled. |
| 1 | OCSP certificate revocation checking using AIA certificate extension information is enabled. |
| 2 | OCSP certificate revocation checking using AIA certificate extension information and OCSP stapling are enabled. The client requests OCSP stapling and the server supports the certificate status_request extension. |
| 3 | OCSP certificate revocation checking using AIA certificate extension information and OCSP stapling are enabled and OCSP stapling is required by the client. If the client does not receive a stapled OCSP response and the server's certificate extensions indicate it must staple, the secure connection fails. On the server, this value has the same meaning as a value of '2'. |
Enable handshake connection count. Determines if System TLS handshake connections are counted. The possible values follow:
| 0 | System TLS handshake connection counting is disabled. |
| 1 | System TLS handshake connection counting is enabled. |
Secure session caching. Determines if System TLS secure session caching is enabled. The possible values follow:
| 0 | System TLS secure session caching is disabled. |
| 1 | System TLS secure session caching is enabled. |
Client requires server supports RFC 5746. Determines if the TLS client requires that the server indicates support for RFC 5746 renegotiation. This field has meaning for TLSv1.2 and prior versions; it does not apply to TLSv1.3 and newer versions. The possible values follow:
| 0 | TLS client does not require the server support RFC 5746 renegotiation. |
| 1 | TLS client requires the server support RFC 5746 renegotiation. |
Server requires client supports RFC 5746. Determines if the TLS server requires that the client indicates support for RFC 5746 renegotiation. This field has meaning for TLSv1.2 and prior versions; it does not apply to TLSv1.3 and newer versions. The possible values follow:
| 0 | TLS server does not require the client support RFC 5746 renegotiation. |
| 1 | TLS server requires the client support RFC 5746 renegotiation. |
Client hello sends Encrypt-then-MAC extension. Determines if the Encrypt-then-MAC (EtM) extension from RFC 7366 is sent in the client hello for applications that do not explicitly disable it. This field has meaning for TLSv1.2 and prior versions; it does not apply to TLSv1.3 and newer versions. The possible values follow:
| 0 | TLS client hello does not send the EtM extension from RFC 7366. |
| 1 | TLS client hello sends the EtM extension from RFC 7366. |
Require Encrypt-then-MAC extension. Determines if the peer must support the Encrypt-then-MAC (EtM) extension from RFC 7366 for applications that do not explicitly set the attribute. This field has meaning for TLSv1.2 and prior versions; it does not apply to TLSv1.3 and newer versions. The possible values follow:
| 0 | The peer is not required to support the EtM extension from RFC 7366. |
| 1 | The peer must support the EtM extension from RFC 7366. |
Client hello sends Extended Master Secret extension. Determines if the Extended Master Secret (EMS) extension from RFC 7627 is sent in the client hello for applications that do not explicitly disable it. This field has meaning for TLSv1.2 and prior versions; it does not apply to TLSv1.3 and newer versions. The possible values follow:
| 0 | TLS client hello does not send the EMS extension from RFC 7627. |
| 1 | TLS client hello sends the EMS extension from RFC 7627. |
Require Extended Master Secret extension. Determines if the peer must support the Extended Master Secret (EMS) extension from RFC 7627 for applications that do not explicitly set the attribute. This field has meaning for TLSv1.2 and prior versions; it does not apply to TLSv1.3 and newer versions. The possible values follow:
| 0 | The peer is not required to support the EMS extension from RFC 7627. |
| 1 | The peer must support the EMS extension from RFC 7627. |
Middlebox compatibility mode. Determines if TLSv1.3 should look like TLSv1.2 on the wire by sending extraneous change cipher spec messages and filling in legacy fields. The possible values follow:
| 0 | TLS middlebox compatibility mode is disabled. |
| 1 | TLS middlebox compatibility mode is enabled. |
Audit secure telnet handshakes. Determines if secure telnet handshakes should be audited. This value only has meaning when QAUDLVL or QAUDLVL2 contains *NETSECURE. The possible values follow:
| 0 | When secure auditing is enabled, secure telnet handshakes are audited only if *NETTELSVR is set in QAUDLVL or QAUDLVL2. |
| 1 | When secure auditing is enabled, secure telnet handshakes are audited. |
Reserved. An ignored field.
TLSA0200 Format
This format returns information regarding the TLS handshake connection counts
by protocol type and cipher suite on the system since the last reset.
When enabled, a running count of new System TLS connections is kept grouped
by the negotiated TLS protocols and ciphers.
The SSLCONFIG sslConnectionCounts option identifies the system level
setting to enable handshake connection counting.
For detailed descriptions of the fields in the table, see
Field Descriptions.
| Offset | Bit | Type | Field | |
|---|---|---|---|---|
| Dec | Hex | |||
| 0 | 0 | BINARY(4) | Enable handshake connection count | |
| 4 | 4 | BINARY(4) | SSLv2 handshake connection count | |
| 8 | 8 | BINARY(4) | SSLv3 handshake connection count | |
| 12 | C | BINARY(4) | TLSv1.0 handshake connection count | |
| 16 | 10 | BINARY(4) | TLSv1.1 handshake connection count | |
| 20 | 14 | BINARY(4) | TLSv1.2 handshake connection count | |
| 24 | 18 | BINARY(4) | TLSv1.3 handshake connection count | |
| 28 | 1C | Array(5) of BINARY(4) | Reserved | |
| 48 | 30 | BINARY(4) | AES_128_GCM_SHA256 handshake connection count | |
| 52 | 34 | BINARY(4) | AES_256_GCM_SHA384 handshake connection count | |
| 56 | 38 | BINARY(4) | CHACHA20_POLY1305_SHA256 handshake connection count | |
| 60 | 3C | BINARY(4) | ECDHE_ECDSA_AES_128_GCM_SHA256 handshake connection count | |
| 64 | 40 | BINARY(4) | ECDHE_ECDSA_AES_256_GCM_SHA384 handshake connection count | |
| 68 | 44 | BINARY(4) | ECDHE_ECDSA_CHACHA20_POLY1305_SHA256 handshake connection count | |
| 72 | 48 | BINARY(4) | ECDHE_RSA_AES_128_GCM_SHA256 handshake connection count | |
| 76 | 4C | BINARY(4) | ECDHE_RSA_AES_256_GCM_SHA384 handshake connection count | |
| 80 | 50 | BINARY(4) | ECDHE_RSA_CHACHA20_POLY1305_SHA256 handshake connection count | |
| 84 | 54 | BINARY(4) | RSA_AES_128_GCM_SHA256 handshake connection count | |
| 88 | 58 | BINARY(4) | RSA_AES_256_GCM_SHA384 handshake connection count | |
| 92 | 5C | BINARY(4) | ECDHE_ECDSA_AES_128_CBC_SHA256 handshake connection count | |
| 96 | 60 | BINARY(4) | ECDHE_ECDSA_AES_256_CBC_SHA384 handshake connection count | |
| 100 | 64 | BINARY(4) | ECDHE_RSA_AES_128_CBC_SHA256 handshake connection count | |
| 104 | 68 | BINARY(4) | ECDHE_RSA_AES_256_CBC_SHA384 handshake connection count | |
| 108 | 6C | BINARY(4) | RSA_AES_128_CBC_SHA256 handshake connection count | |
| 112 | 70 | BINARY(4) | RSA_AES_128_CBC_SHA handshake connection count | |
| 116 | 74 | BINARY(4) | RSA_AES_256_CBC_SHA256 handshake connection count | |
| 120 | 78 | BINARY(4) | RSA_AES_256_CBC_SHA handshake connection count | |
| 124 | 7C | BINARY(4) | ECDHE_ECDSA_3DES_EDE_CBC_SHA handshake connection count | |
| 128 | 80 | BINARY(4) | ECDHE_RSA_3DES_EDE_CBC_SHA handshake connection count | |
| 132 | 84 | BINARY(4) | RSA_3DES_EDE_CBC_SHA handshake connection count | |
| 136 | 88 | BINARY(4) | ECDHE_ECDSA_RC4_128_SHA handshake connection count | |
| 140 | 8C | BINARY(4) | ECDHE_RSA_RC4_128_SHA handshake connection count | |
| 144 | 90 | BINARY(4) | RSA_RC4_128_SHA handshake connection count | |
| 148 | 94 | BINARY(4) | RSA_RC4_128_MD5 handshake connection count | |
| 152 | 98 | BINARY(4) | RSA_DES_CBC_SHA handshake connection count | |
| 156 | 9C | BINARY(4) | RSA_EXPORT_RC4_40_MD5 handshake connection count | |
| 160 | A0 | BINARY(4) | RSA_EXPORT_RC2_CBC_40_MD5 handshake connection count | |
| 164 | A4 | BINARY(4) | ECDHE_ECDSA_NULL_SHA handshake connection count | |
| 168 | A8 | BINARY(4) | ECDHE_RSA_NULL_SHA handshake connection count | |
| 172 | AC | BINARY(4) | RSA_NULL_SHA256 handshake connection count | |
| 176 | B0 | BINARY(4) | RSA_NULL_SHA handshake connection count | |
| 180 | B4 | BINARY(4) | RSA_NULL_MD5 handshake connection count | |
| 184 | B8 | BINARY(4) | RSA_3DES_EDE_CBC_MD5 handshake connection count | |
| 188 | BC | BINARY(4) | RSA_DES_CBC_MD5 handshake connection count | |
| 192 | C0 | BINARY(4) | RSA_RC2_CBC_128_MD5 handshake connection count | |
| 184 | B8 | Array(27) of BINARY(4) | Reserved | |
Field Descriptions
Enable handshake connection count. Determines if System TLS handshake connections are counted. The possible values follow:
| 0 | System TLS handshake connection counting is disabled. |
| 1 | System TLS handshake connection counting is enabled. |
SSLv2 handshake connection count. The current running count of System TLS connections that used the SSLv2 protocol.
SSLv3 handshake connection count. The current running count of System TLS connections that used the SSLv3 protocol.
TLSv1.0 handshake connection count. The current running count of System TLS connections that used the TLSv1.0 protocol.
TLSv1.1 handshake connection count. The current running count of System TLS connections that used the TLSv1.1 protocol.
TLSv1.2 handshake connection count. The current running count of System TLS connections that used the TLSv1.2 protocol.
TLSv1.3 handshake connection count. The current running count of System TLS connections that used the TLSv1.3 protocol.
AES_128_GCM_SHA256 handshake connection count. The current running count of System TLS connections that used the AES_128_GCM_SHA256 cipher suite.
AES_256_GCM_SHA384 handshake connection count. The current running count of System TLS connections that used the AES_256_GCM_SHA384 cipher suite.
CHACHA20_POLY1305_SHA256 handshake connection count. The current running count of System TLS connections that used the CHACHA20_POLY1305_SHA256 cipher suite.
ECDHE_ECDSA_AES_128_GCM_SHA256 handshake connection count. The current running count of System TLS connections that used the ECDHE_ECDSA_AES_128_GCM_SHA256 cipher suite.
ECDHE_ECDSA_AES_256_GCM_SHA384 handshake connection count. The current running count of System TLS connections that used the ECDHE_ECDSA_AES_256_GCM_SHA384 cipher suite.
ECDHE_ECDSA_CHACHA20_POLY1305_SHA256 handshake connection count. The current running count of System TLS connections that used the ECDHE_ECDSA_CHACHA20_POLY1305_SHA256 cipher suite.
ECDHE_RSA_AES_128_GCM_SHA256 handshake connection count. The current running count of System TLS connections that used the ECDHE_RSA_AES_128_GCM_SHA256 cipher suite.
ECDHE_RSA_AES_256_GCM_SHA384 handshake connection count. The current running count of System TLS connections that used the ECDHE_RSA_AES_256_GCM_SHA384 cipher suite.
ECDHE_RSA_CHACHA20_POLY1305_SHA256 handshake connection count. The current running count of System TLS connections that used the ECDHE_RSA_CHACHA20_POLY1305_SHA256 cipher suite.
RSA_AES_128_GCM_SHA256 handshake connection count. The current running count of System TLS connections that used the RSA_AES_128_GCM_SHA256 cipher suite.
RSA_AES_256_GCM_SHA384 handshake connection count. The current running count of System TLS connections that used the RSA_AES_256_GCM_SHA384 cipher suite.
ECDHE_ECDSA_AES_128_CBC_SHA256 handshake connection count. The current running count of System TLS connections that used the ECDHE_ECDSA_AES_128_CBC_SHA256 cipher suite.
ECDHE_ECDSA_AES_256_CBC_SHA384 handshake connection count. The current running count of System TLS connections that used the ECDHE_ECDSA_AES_256_CBC_SHA384 cipher suite.
ECDHE_RSA_AES_128_CBC_SHA256 handshake connection count. The current running count of System TLS connections that used the ECDHE_RSA_AES_128_CBC_SHA256 cipher suite.
ECDHE_RSA_AES_256_CBC_SHA384 handshake connection count. The current running count of System TLS connections that used the ECDHE_RSA_AES_256_CBC_SHA384 cipher suite.
RSA_AES_128_CBC_SHA256 handshake connection count. The current running count of System TLS connections that used the RSA_AES_128_CBC_SHA256 cipher suite.
RSA_AES_128_CBC_SHA handshake connection count. The current running count of System TLS connections that used the RSA_AES_128_CBC_SHA cipher suite.
RSA_AES_256_CBC_SHA256 handshake connection count. The current running count of System TLS connections that used the RSA_AES_256_CBC_SHA256 cipher suite.
RSA_AES_256_CBC_SHA handshake connection count. The current running count of System TLS connections that used the RSA_AES_256_CBC_SHA cipher suite.
ECDHE_ECDSA_3DES_EDE_CBC_SHA handshake connection count. The current running count of System TLS connections that used the ECDHE_ECDSA_3DES_EDE_CBC_SHA cipher suite.
ECDHE_RSA_3DES_EDE_CBC_SHA handshake connection count. The current running count of System TLS connections that used the ECDHE_RSA_3DES_EDE_CBC_SHA cipher suite.
RSA_3DES_EDE_CBC_SHA handshake connection count. The current running count of System TLS connections that used the RSA_3DES_EDE_CBC_SHA cipher suite.
ECDHE_ECDSA_RC4_128_SHA handshake connection count. The current running count of System TLS connections that used the ECDHE_ECDSA_RC4_128_SHA cipher suite.
ECDHE_RSA_RC4_128_SHA handshake connection count. The current running count of System TLS connections that used the ECDHE_RSA_RC4_128_SHA cipher suite.
RSA_RC4_128_SHA handshake connection count. The current running count of System TLS connections that used the RSA_RC4_128_SHA cipher suite.
RSA_RC4_128_MD5 handshake connection count. The current running count of System TLS connections that used the RSA_RC4_128_MD5 cipher suite.
RSA_DES_CBC_SHA handshake connection count. The current running count of System TLS connections that used the RSA_DES_CBC_SHA cipher suite.
RSA_EXPORT_RC4_40_MD5 handshake connection count. The current running count of System TLS connections that used the RSA_EXPORT_RC4_40_MD5 cipher suite.
RSA_EXPORT_RC2_CBC_40_MD5 handshake connection count. The current running count of System TLS connections that used the RSA_EXPORT_RC2_CBC_40_MD5 cipher suite.
ECDHE_ECDSA_NULL_SHA handshake connection count. The current running count of System TLS connections that used the ECDHE_ECDSA_NULL_SHA cipher suite.
ECDHE_RSA_NULL_SHA handshake connection count. The current running count of System TLS connections that used the ECDHE_RSA_NULL_SHA cipher suite.
RSA_NULL_SHA256 handshake connection count. The current running count of System TLS connections that used the RSA_NULL_SHA256 cipher suite.
RSA_NULL_SHA handshake connection count. The current running count of System TLS connections that used the RSA_NULL_SHA cipher suite.
RSA_NULL_MD5 handshake connection count. The current running count of System TLS connections that used the RSA_NULL_MD5 cipher suite.
RSA_3DES_EDE_CBC_MD5 handshake connection count. The current running count of System TLS connections that used the RSA_3DES_EDE_CBC_MD5 cipher suite.
RSA_DES_CBC_MD5 handshake connection count. The current running count of System TLS connections that used the RSA_DES_CBC_MD5 cipher suite.
RSA_RC2_CBC_128_MD5 handshake connection count. The current running count of System TLS connections that used the RSA_RC2_CBC_128_MD5 cipher suite.
Reserved. An ignored field.
Usage Notes
- The following fields have meaning for future IBM i releases; they do not apply to IBM i 7.2.
- Supported signature algorithm certificates
- Default signature algorithm certificates
- Supported named curves
- Default named curves
- Minimum RSA key size
- OCSP certificate revocation checking
- Secure session caching
- Client hello sends Encrypt-then-MAC extension
- Require Encrypt-then-MAC extension
- Client hello sends Extended Master Secret extension
- Require Extended Master Secret extension
- Middlebox compatibility mode
- Audit secure telnet handshakes
- TLSv1.3 handshake connection count
- AES_128_GCM_SHA256 handshake connection count
- AES_256_GCM_SHA384 handshake connection count
- CHACHA20_POLY1305_SHA256 handshake connection count
- ECDHE_ECDSA_CHACHA20_POLY1305_SHA256 handshake connection count
- ECDHE_RSA_CHACHA20_POLY1305_SHA256 handshake connection count
Error Messages
| Message ID | Error Message Text |
|---|---|
| CPF3C1E E | Required parameter &1 omitted. |
| CPF3C21 E | Format name &1 is not valid. |
| CPF3C24 E | Length of the receiver variable is not valid. |
| CPF3CF1 E | Error code parameter not valid. |
| CPF3CF2 E | Possible APAR condition or hardware failure. |
API introduced: IBM® i 7.2 by PTF
[ Back to top | Security APIs | APIs by category ]