Manage encryption protocols and ciphers

RSE daemon and RSE server rely on cryptographic services provided by other products (System SSL and Java™ cryptographic services). These services support multiple communication protocols and multiple encryption ciphers, all of which must be enabled before they can be used. By default, RSE uses the service’s defaults for protocol and cipher enablement, with the exception that encryption ciphers which are known to be insecure are automatically disabled. z/OS® Explorer client also relies on the defaults of Java cryptographic services.

z/OS Explorer allows you to overrule the defaults for protocol and cipher enablement, with exception of the known insecure ciphers, which are always disabled. Note that the actual protocol and cipher selection is done during the handshake between client and host, and cannot be controlled directly.