Alternatives for specifying CipherSpecs

For those platforms where the operating system provides the TLS support, your system might support new CipherSpecs. You can specify a new CipherSpec with the SSLCIPH parameter, but the value you supply depends on your platform.

For those platforms where the operating system provides the TLS support, your system might support new CipherSpecs that are not included in Enabling CipherSpecs. You can specify a new CipherSpec with the SSLCIPH parameter, but the value you supply depends on your platform. In all cases the specification must correspond to an TLS CipherSpec that is both valid and supported by the version of TLS your system is running.

IBM i

A two-character string representing a hexadecimal value.

For more information about the permitted values, see point three in the Usage Notes section of Set character information for a secure session.

Attention: You should not specify hexadecimal cipher values in SSLCIPH, because it is unclear from the value which cipher will be used, and the choice of which protocol to be used is indeterminate. Using hexadecimal cipher values can lead to CipherSpec mismatch errors.

You can use either the CHGMQMCHL or the CRTMQMCHL command to specify the value, for example:

CRTMQMCHL CHLNAME(' channel name ') SSLCIPH(' hexadecimal value ')

You can also use the ALTER QMGR MQSC command to set the SSLCIPH parameter.

z/OS®

A four-character string representing a hexadecimal value. The hexadecimal codes correspond to the values defined in the TLS protocol.

For more information, refer to Cipher Suite Definitions where there is a list of all the supported TLS 1.0, TLS 1.2, and TLS 1.3 cipher specifications in the form of 4-digit hexadecimal codes.