SSL/TLS protocol
z/OS Cryptographic Services System SSL Programming SC14-7495-00

When executing in FIPS mode, applications are allowed to use the TLS V1.0, TLS V1.1, and TLS V1.2 protocols. SSL V2 and SSL V3 are not supported. The specification of SSL V2 and SSL V3 during setup of the SSL/TLS application is ignored.

When executing in non-FIPS mode, the default 2-character specifications string reflects the default order of suites supported:

050435363738392F303132330A1613100D0915120F0C0306020100

When executing in non-FIPS mode, if GSK_V3_CIPHERS is set to GSK_V3_CIPHERS_CHAR4, and a cipher specification is not set in GSK_V3_CIPHER_SPECS_EXPANDED, then the default cipher specification is set as follows:

0005000400350036003700380039002F0030003100320033000A0016

The algorithm restrictions (see Table 1) result in the following default cipher specifications string in FIPS mode:

35363738392F303132330A1613100D

If using 4-character cipher specifications, the default cipher specifications string in FIPS mode becomes:

00350036003700380039002F0030003100320033000A001600130010000D

Only the following cipher suites are compatible with the restrictions in Table 1 and are therefore supported while executing in FIPS mode:

When using 2-character cipher suites:

0A 0D 10 13 16 2F 30 31 32 33 35 36 37 38 39

When using 4-character cipher suites:

000A 000D 0010 0013 0016 002F 0030 0031 0032 0033 0035 0036 0037 0038

If non-FIPS mode ciphers are specified, they are ignored during the TLS handshake processing. For more information about ciphers and their 2-character or 4-character values, see Cipher suite definitions.
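
As an added illustration (not IBM code and not part of System SSL), the following Python helper splits a cipher specification string into 2- or 4-character codes and reports which entries remain usable in FIPS mode and which would be ignored during the handshake. The allowed set is derived from the FIPS-mode default strings quoted above; the function names are hypothetical.

```python
# Added example. The strings are copied from this page; names are hypothetical.
HEX = set("0123456789ABCDEF")

# FIPS-mode default cipher specification strings, keyed by code width.
FIPS_DEFAULT = {
    2: "35363738392F303132330A1613100D",
    4: "00350036003700380039002F0030003100320033000A001600130010000D",
}
# Non-FIPS 2-character default string from this page, used as sample input.
NON_FIPS_DEFAULT_2 = "050435363738392F303132330A1613100D0915120F0C0306020100"


def split_specs(spec, width):
    """Split a cipher specification string into fixed-width hex codes."""
    if width not in FIPS_DEFAULT:
        raise ValueError("width must be 2 or 4")
    spec = spec.strip().upper()
    if not spec or len(spec) % width:
        raise ValueError(f"length {len(spec)} is not a positive multiple of {width}")
    if not set(spec) <= HEX:
        raise ValueError("cipher specification contains non-hex characters")
    return [spec[i:i + width] for i in range(0, len(spec), width)]


def fips_view(spec, width):
    """Return (kept, ignored) code lists, preserving the configured order."""
    allowed = set(split_specs(FIPS_DEFAULT[width], width))
    kept, ignored = [], []
    for code in split_specs(spec, width):
        (kept if code in allowed else ignored).append(code)
    return kept, ignored


if __name__ == "__main__":
    kept, ignored = fips_view(NON_FIPS_DEFAULT_2, 2)
    print("effective in FIPS mode:", "".join(kept))
    print("ignored in FIPS mode:  ", " ".join(ignored))
    # A 2-character string read with the 4-character width keeps nothing.
    print(fips_view("352F", 4))
```

A configured string whose `kept` list comes back empty leaves no cipher from that string available in FIPS mode, which is worth catching before deployment.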
Copyright IBM Corporation 1990, 2014