Managing encryption ciphers

z/OS Explorer allows you to specify System SSL variable GSK_V3_CIPHER_SPECS in rse.env. This variable specifies the encryption cipher selection specifications in order of preference as a string consisting of one or more 2-character values. RSE daemon will disable ciphers that are known to be insecure (if present), and pass this selection on to RSE server to be used by Java™ cryptographic services.

For example:
GSK_V3_CIPHER_SPECS=3536372F30310A100D0F0C
Specifies that the cipher with ID 35 (256-bit AES encryption with SHA-1 message authentication and RSA key exchange) is the preferred cipher. It will be enabled if not already enabled by default. Cipher ID 36 is next in line, followed by cipher ID 37, and so on. For a list of supported ciphers and their 2-character ID, see Cryptographic Services System SSL Programming (SC24-5901).
Parent topic: Manage encryption protocols and ciphers