Secure sockets layer (SSL) default cipher specification list changes
SSL default cipher specification list has changed for System SSL
The System SSL default cipher specification list no longer contains any ciphers that use the MD5 hashing algorithm. The new Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) Elliptic Curve Digital Signature Algorithm (ECDSA) set of Advanced Encryption Standard (AES) ciphers are first in the list. In the subsection of previously existing RSA ciphers, the AES 256-bit cipher is now second in the ordered default cipher specification list, previously it was fourth. All Rivest Cipher 4 (RC4) 128-bit ciphers and all Triple DES (3DES) ciphers have been removed from the list. The new ECDHE RSA AES subset of ciphers appears at the end of the list. The ciphers no longer in the default cipher specification list are still supported by System SSL for applications that code to specifically use those ciphers.
- ECDHE_ECDSA_AES_128_CBC_SHA256
- ECDHE_ECDSA_AES_256_CBC_SHA384
- ECDHE_ECDSA_AES_128_GCM_SHA256
- ECDHE_ECDSA_AES_256_GCM_SHA384
- RSA_AES_128_CBC_SHA256
- RSA_AES_128_CBC_SHA
- RSA_AES_256_CBC_SHA256
- RSA_AES_256_CBC_SHA
- RSA_AES_128_GCM_SHA256
- RSA_AES_256_GCM_SHA384
- ECDHE_RSA_AES_128_CBC_SHA256
- ECDHE_RSA_AES_256_CBC_SHA384
- ECDHE_RSA_AES_128_GCM_SHA256
- ECDHE_RSA_AES_256_GCM_SHA384