ssl_cipherspecs - Supported cipher specifications at the server configuration parameter
This configuration parameter specifies the cipher suites that the server allows for incoming connection requests when using the Transport Layer Security (TLS) protocol. This parameter also affects TLS communication between HADR Primary and Standby servers.
In response to CVE-2023-32342, Db2 releases with KI DT223175 will use the non-FIPS IBM Crypto for C (ICC) for TLS ciphers that use RSA key exchange, as the FIPS certified IBM Crypto for C (ICC) is vulnerable to CVE-2023-32342.
Customers with a requirement to use only FIPS 140 certified cryptographic modules must enable Strict FIPS mode. In strict FIPS mode, Db2 releases with KI DT223175 will disable all TLS ciphers and versions that are vulnerable to CVE-2023-32342.
- TLS 1.0 and 1.1 will be disabled in strict mode regardless of the SSL_VERSIONS setting, as the only supported ciphers use RSA key exchange. If the SSL_VERSIONS DBM CFG parameter is unset, or is set to TLSV1, TLS 1.2 will be enabled in its place.
- TLS 1.2 ciphers that use RSA key exchange (TLS_RSA_*) will be disabled. If there are no remaining ciphers in the SSL_CIPHERSPECS DBM CFG parameter, all supported ECDHE ciphers will be enabled. For instances using RSA certificates, Db2 will automatically prefer TLS_ECDHE_RSA ciphers for TLS 1.2 and no certificate change is required.
- TLS 1.3 is unaffected by CVE-2023-32342, and behaviour will not change in strict FIPS mode.
- Configuration type: Database manager
- Parameter type: Configurable
- Default [range]
You can specify multiple cipher specifications, such as TLS_RSA_WITH_AES_256_CBC_SHA or TLS_RSA_WITH_AES_128_CBC_SHA. They must be separated by a comma (,) with no space either before or after the comma.
During a TLS handshake, if null or multiple values are specified, the client and the server negotiate and find the most secure cipher suite to use. If no compatible cipher suite is found, the connection fails. You cannot prioritize the cipher suites by specifying one before another.
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- Configuration type: Database manager
- Parameter type: Configurable
- Default [range]: NULL [See below for valid cipher specifications]
The default value for the SSL_CIPHERSPECS is NULL. When the SSL_CIPHERSPECS parameter is set to NULL, all valid cipherspecs for the TLS version set in the SSL_VERSIONS parameter are enabled.
If the SSL_CIPHERSPECS parameter contains cipherspecs that only apply to one TLS version, but the SSL_VERSIONS parameter contains multiple TLS versions, all valid cipherspecs are enabled for the remaining TLS version.
You can specify multiple cipher specifications, such as TLS_RSA_WITH_AES_256_CBC_SHA or TLS_RSA_WITH_AES_128_CBC_SHA. They must be separated by a comma with no space either before or after the comma.
During the TLS handshake, if null or multiple values are specified, the client and the server negotiate and find the most secure cipher suite to use. If no compatible cipher suite is found, the connection fails.
If you set SSL_VERSIONS to TLSV1, the following values are valid for ssl_cipherspecs:
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
If you set SSL_VERSIONS to TLSV12, the following values are valid for ssl_cipherspecs:
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
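The following is an added example, not IBM or Db2 code: a small linter that applies the comma rule, the TLSV12 list above, and the strict FIPS behaviour described for KI DT223175 to a candidate SSL_CIPHERSPECS value. The names `lint_cipherspecs`, `TLS12`, `TLS12_RSA` and `TLS12_ECDHE` are hypothetical, and it assumes SSL_VERSIONS is TLSV12 only.

```python
# Added example: hypothetical helpers, not Db2 APIs. Scope: SSL_VERSIONS=TLSV12.

_RSA_KX = ["AES_256_GCM_SHA384", "AES_256_CBC_SHA256", "AES_256_CBC_SHA",
           "AES_128_GCM_SHA256", "AES_128_CBC_SHA256", "AES_128_CBC_SHA"]
_ECDHE_KX = ["AES_256_GCM_SHA384", "AES_256_CBC_SHA384", "AES_256_CBC_SHA",
             "AES_128_GCM_SHA256", "AES_128_CBC_SHA256", "AES_128_CBC_SHA"]
# The 18 TLS 1.2 cipherspecs this page lists as valid for TLSV12.
TLS12_RSA = {f"TLS_RSA_WITH_{s}" for s in _RSA_KX}
TLS12_ECDHE = {f"TLS_ECDHE_{auth}_WITH_{s}"
               for auth in ("RSA", "ECDSA") for s in _ECDHE_KX}
TLS12 = TLS12_RSA | TLS12_ECDHE


def lint_cipherspecs(value, strict_fips=False):
    """Return (effective_ciphers, findings) for an SSL_CIPHERSPECS string."""
    findings = []
    if not value:
        # NULL: every valid cipherspec for the TLS version is enabled.
        requested = set(TLS12)
    else:
        parts = value.split(",")
        if any(p != p.strip() for p in parts):
            findings.append("whitespace next to a comma is not allowed")
        names = [p.strip() for p in parts]
        unknown = sorted(n for n in names if n not in TLS12)
        if unknown:
            findings.append("not valid for TLSV12: " + ", ".join(unknown))
        requested = {n for n in names if n in TLS12}
    effective = requested
    if strict_fips:
        # Strict FIPS mode disables every TLS_RSA_* (RSA key exchange) cipher.
        dropped = sorted(requested & TLS12_RSA)
        if dropped:
            findings.append("strict FIPS disables: " + ", ".join(dropped))
        effective = requested - TLS12_RSA
        if not effective:
            # Nothing left: all supported ECDHE ciphers are enabled instead.
            findings.append("no ciphers remain; all ECDHE ciphers enabled")
            effective = set(TLS12_ECDHE)
    return effective, findings
```

Running it on the value currently stored in the DBM CFG with `strict_fips=True` shows which ciphers clients will actually be offered after strict FIPS mode is enabled.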
If you set SSL_VERSIONS to TLSV13, the following values are valid for ssl_cipherspecs. Cipher specifications for TLS 1.3 are defined in three groups:
- Ciphers
- Key exchange groups
- Signature schemes
Table 1. TLS 1.3 Ciphers

| Option | Description |
| --- | --- |
| TLS_AES_128_GCM_SHA256 | AES128 encryption in Galois/Counter mode and SHA-256 Hash |
| TLS_AES_256_GCM_SHA384 | AES256 encryption in Galois/Counter mode and SHA-384 Hash |
| TLS_AES_128_CCM_SHA256 | AES128 encryption in Counter with CBC-MAC mode and SHA-256 Hash |
| TLS_AES_128_CCM_8_SHA256 | AES128 encryption in Counter with CBC-MAC and 8-byte ICV mode and SHA-256 Hash |

Table 2. TLS 1.3 Key Exchange Groups

| Option | Description |
| --- | --- |
| SECP256R1 | ECDSA Key exchange using the secp256r1 elliptic curve |
| SECP384R1 | ECDSA Key exchange using the secp384r1 elliptic curve |
| SECP521R1 | ECDSA Key exchange using the secp521r1 elliptic curve |

Note: TLS 1.3 supports RSA_PKCS1_* Signature Schemes for certificates only. You must configure at least one other non-PKCS1 signature scheme, if an RSA_PKCS1 signature scheme is selected for your certificate.

Table 3. TLS 1.3 Signature Schemes

| Option | Description |
| --- | --- |
| RSA_PKCS1_SHA256 | RSASSA-PKCS1-v1_5 signature with SHA-256 Hash |
| RSA_PKCS1_SHA384 | RSASSA-PKCS1-v1_5 signature with SHA-384 Hash |
| RSA_PKCS1_SHA512 | RSASSA-PKCS1-v1_5 signature with SHA-512 Hash |
| ECDSA_SECP256R1_SHA256 | ECDSA signature using the secp256r1 elliptic curve with SHA-256 Hash |
| ECDSA_SECP384R1_SHA384 | ECDSA signature using the secp384r1 elliptic curve with SHA-384 Hash |
| ECDSA_SECP521R1_SHA512 | ECDSA signature using the secp521r1 elliptic curve with SHA-512 Hash |
| RSA_PSS_RSAE_SHA256 | RSASSA-PSS signature with SHA-256 Hash. Public keys present in certificates must use the rsaEncryption OID. |
| RSA_PSS_RSAE_SHA384 | RSASSA-PSS signature with SHA-384 Hash. Public keys present in certificates must use the rsaEncryption OID. |
| RSA_PSS_RSAE_SHA512 | RSASSA-PSS signature with SHA-512 Hash. Public keys present in certificates must use the rsaEncryption OID. |
| RSA_PSS_PSS_SHA256 | RSASSA-PSS signature with SHA-256 Hash. Public keys present in certificates must use the RSASSA-PSS OID. |
| RSA_PSS_PSS_SHA384 | RSASSA-PSS signature with SHA-384 Hash. Public keys present in certificates must use the RSASSA-PSS OID. |
| RSA_PSS_PSS_SHA512 | RSASSA-PSS signature with SHA-512 Hash. Public keys present in certificates must use the RSASSA-PSS OID. |