Secure sockets layer (SSL) default cipher specification list changes
SSL default cipher specification list has changed for System SSL
The System SSL default cipher specification list no longer contains any ciphers that use the MD5
hashing algorithm. The new Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) Elliptic Curve Digital
Signature Algorithm (ECDSA) set of Advanced Encryption Standard (AES) ciphers are first in the list.
In the subsection of previously existing RSA ciphers, the AES 256-bit cipher is now second in the
ordered default cipher specification list, previously it was fourth. 
All Rivest
Cipher 4 (RC4) 128-bit ciphers and all Triple DES (3DES) ciphers have been removed from the
list.
The new ECDHE RSA AES subset of ciphers appears at the end of the list. The ciphers no
longer in the default cipher specification list are still supported by System SSL for applications
that code to specifically use those ciphers.
in the default cipher specification list can be
altered indirectly by changing the order of the ciphers contained
in the QSSLCSL system value. See the SSL topic in the IBM® Knowledge Center for additional information. The shipped default cipher specification list values
but not order can also be changed by using System Service Tools (SST)
Advanced Analysis Command SSLCONFIG. For additional information see
the help text for SSLCONFIG. The System SSL default cipher specification
list is now as follows:- ECDHE_ECDSA_AES_128_CBC_SHA256
- ECDHE_ECDSA_AES_256_CBC_SHA384
- ECDHE_ECDSA_AES_128_GCM_SHA256
- ECDHE_ECDSA_AES_256_GCM_SHA384
- RSA_AES_128_CBC_SHA256
- RSA_AES_128_CBC_SHA
- RSA_AES_256_CBC_SHA256
- RSA_AES_256_CBC_SHA
- RSA_AES_128_GCM_SHA256
- RSA_AES_256_GCM_SHA384
- ECDHE_RSA_AES_128_CBC_SHA256
- ECDHE_RSA_AES_256_CBC_SHA384
- ECDHE_RSA_AES_128_GCM_SHA256
- ECDHE_RSA_AES_256_GCM_SHA384