SSL Protocols

System SSL has the infrastructure to support multiple protocols.

The following protocols can be supported by System SSL:
  • Start of changeTransport Layer Security version 1.2 protocol (TLSv1.2)End of change
  • Start of changeTransport Layer Security version 1.1 protocol (TLSv1.1)End of change
  • Transport Layer Security version 1.0 protocol (TLSv1.0)
  • Secure Sockets Layer version 3.0 protocol (SSLv3)
  • Secure Sockets Layer version 2.0 protocol (SSLv2)
    • Start of changeSSLv2 cannot be used if TLSv1.2 is supported.End of change

Shipped SSL Supported Protocols

System SSL is shipped with the following supported protocols:

  • Secure Sockets Layer version 3.0 protocol (SSLv3)
  • Transport Layer Security version 1.0 protocol (TLSv1)
Note: TLSv1.2, TLSv1.1, and SSLv2 are shipped as disabled for System SSL. The QSSLPCL system value can be used to disable or enable any of the protocols.

Shipped SSL Default Protocols

The following default protocols are used by System SSL when requested by an application:

Start of change
  • Transport Layer Security version 1.0 protocol (TLSv1)
End of change

Start of changeThe shipped default protocols can be changed by using System Service Tools (SST) Advanced Analysis Command SSLCONFIG.End of change

Note: Start of changeIf TLSv1.2 or TLSv1.1 is added to the supported protocol list by an administrator, it is added to the default protocols.End of change Removing a default protocol from the supported protocol list also removes it from the default protocol list.
Parent topic: System SSL Properties
Related concepts:
The SSLCONFIG macro
Related information:
SSL system value: QSSLPCL