SSL Cipher Suites
System SSL has the infrastructure to support multiple cipher suites.
The cipher suites are specified in different ways for each programming
interface. The following cipher suites, shown in system value format,
can be supported by System SSL:
- *RSA_AES_128_GCM_SHA256
- *RSA_AES_256_GCM_SHA384
- *ECDHE_ECDSA_NULL_SHA
- *ECDHE_ECDSA_RC4_128_SHA
- *ECDHE_ECDSA_3DES_EDE_CBC_SHA
- *ECDHE_RSA_NULL_SHA
- *ECDHE_RSA_RC4_128_SHA
- *ECDHE_RSA_3DES_EDE_CBC_SHA
- *ECDHE_ECDSA_AES_128_CBC_SHA256
- *ECDHE_ECDSA_AES_256_CBC_SHA384
- *ECDHE_RSA_AES_128_CBC_SHA256
- *ECDHE_RSA_AES_256_CBC_SHA384
- *ECDHE_ECDSA_AES_128_GCM_SHA256
- *ECDHE_ECDSA_AES_256_GCM_SHA384
- *ECDHE_RSA_AES_128_GCM_SHA256
- *ECDHE_RSA_AES_256_GCM_SHA384
- *RSA_AES_128_CBC_SHA256
- *RSA_AES_256_CBC_SHA256
- *RSA_NULL_SHA256
- *RSA_NULL_MD5
- *RSA_NULL_SHA
- *RSA_EXPORT_RC4_40_MD5
- *RSA_RC4_128_MD5
- *RSA_RC4_128_SHA
- *RSA_EXPORT_RC2_CBC_40_MD5
- *RSA_DES_CBC_SHA
- *RSA_3DES_EDE_CBC_SHA
- *RSA_AES_128_CBC_SHA
- *RSA_AES_256_CBC_SHA
- *RSA_RC2_CBC_128_MD5
- *RSA_DES_CBC_MD5
- *RSA_3DES_EDE_CBC_MD5
Shipped SSL supported cipher specification list
A cipher specification list contains a list of cipher suites. System SSL ships with 29 cipher suites supported. Administrators can control the ciphers that are supported by System SSL with system values QSSLCSL and QSSLCSLCTL. A cipher suite cannot be supported if the SSL protocol it requires is not also supported.
The supported cipher specification list is affected by the
SSL protocols that are supported by the system and by changes that
are made to the system value QSSLCSL. You can display the value of
QSSLCSL to see the cipher specification list on your system.
The following cipher suites are shipped as supported by System SSL:
- *ECDHE_ECDSA_AES_128_CBC_SHA256
- *ECDHE_ECDSA_AES_256_CBC_SHA384
- *ECDHE_ECDSA_AES_128_GCM_SHA256
- *ECDHE_ECDSA_AES_256_GCM_SHA384
- *RSA_AES_128_CBC_SHA256
- *RSA_AES_128_CBC_SHA
- *RSA_AES_256_CBC_SHA256
- *RSA_AES_256_CBC_SHA
- *RSA_AES_128_GCM_SHA256
- *RSA_AES_256_GCM_SHA384
- *ECDHE_RSA_AES_128_CBC_SHA256
- *ECDHE_RSA_AES_256_CBC_SHA384
- *ECDHE_RSA_AES_128_GCM_SHA256
- *ECDHE_RSA_AES_256_GCM_SHA384
- *ECDHE_ECDSA_3DES_EDE_CBC_SHA
- *ECDHE_RSA_3DES_EDE_CBC_SHA
- *RSA_3DES_EDE_CBC_SHA
- *ECDHE_ECDSA_RC4_128_SHA
- *ECDHE_RSA_RC4_128_SHA
- *RSA_RC4_128_SHA
- *RSA_RC4_128_MD5
- *RSA_DES_CBC_SHA
- *RSA_EXPORT_RC4_40_MD5
- *RSA_EXPORT_RC2_CBC_40_MD5
- *ECDHE_ECDSA_NULL_SHA
- *ECDHE_RSA_NULL_SHA
- *RSA_NULL_SHA256
- *RSA_NULL_SHA
- *RSA_NULL_MD5
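The following is an added example, not IBM code: a name-based check that can be run over the cipher names obtained by displaying QSSLCSL, flagging suites that use NULL encryption, export-grade keys, RC4 or RC2, DES or 3DES, or MD5. The function names and the sample list are constructed for illustration, and the weakness labels are general cryptographic guidance rather than statements from this page.

```python
# Added example: name-based audit of a QSSLCSL cipher specification list.
KEY_EXCHANGES = ("ECDHE_ECDSA", "ECDHE_RSA", "RSA")  # prefixes used on this page

def parse_suite(name):
    """Split e.g. '*ECDHE_RSA_AES_128_GCM_SHA256' into its components."""
    body = name.strip().lstrip("*").upper()
    kx = next((k for k in KEY_EXCHANGES if body.startswith(k + "_")), None)
    if kx is None:
        raise ValueError(f"unrecognised cipher name: {name!r}")
    rest = body[len(kx) + 1:]
    export = rest.startswith("EXPORT_")
    if export:
        rest = rest[len("EXPORT_"):]
    cipher, _, digest = rest.rpartition("_")  # last token is the hash
    if not cipher:
        raise ValueError(f"unrecognised cipher name: {name!r}")
    return {"name": "*" + body, "kx": kx, "export": export,
            "cipher": cipher, "digest": digest}

def findings(name):
    """Reasons to disable a suite; an empty list means none were found."""
    s, out = parse_suite(name), []
    if s["cipher"] == "NULL":
        out.append("no encryption")
    if s["export"]:
        out.append("export-grade 40-bit key")
    if s["cipher"].startswith(("RC4", "RC2")):
        out.append("obsolete cipher " + s["cipher"][:3])
    if s["cipher"].startswith("DES_"):
        out.append("single DES, 56-bit key")
    if s["cipher"].startswith("3DES"):
        out.append("3DES, 64-bit block")
    if s["digest"] == "MD5":
        out.append("MD5 digest")
    return out

def audit(csl):
    """Map each flagged suite name to its findings, keeping list order."""
    checked = ((parse_suite(n)["name"], findings(n)) for n in csl)
    return {name: why for name, why in checked if why}

# Constructed sample: a few names from the shipped supported list above.
SAMPLE_QSSLCSL = ["*ECDHE_RSA_AES_256_GCM_SHA384", "*RSA_3DES_EDE_CBC_SHA",
                  "*RSA_EXPORT_RC4_40_MD5", "*RSA_NULL_SHA256"]

if __name__ == "__main__":
    for suite, why in audit(SAMPLE_QSSLCSL).items():
        print(f"{suite}: {', '.join(why)}")
```

Run over the 14 entries of the shipped default list on this page, `audit` returns an empty result; run over the shipped supported list, it flags the 15 NULL, EXPORT, RC4, DES and 3DES entries.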
Shipped SSL default cipher specification list
The following displays the order of the shipped default cipher specification list:
- *ECDHE_ECDSA_AES_128_CBC_SHA256
- *ECDHE_ECDSA_AES_256_CBC_SHA384
- *ECDHE_ECDSA_AES_128_GCM_SHA256
- *ECDHE_ECDSA_AES_256_GCM_SHA384
- *RSA_AES_128_CBC_SHA256
- *RSA_AES_128_CBC_SHA
- *RSA_AES_256_CBC_SHA256
- *RSA_AES_256_CBC_SHA
- *RSA_AES_128_GCM_SHA256
- *RSA_AES_256_GCM_SHA384
- *ECDHE_RSA_AES_128_CBC_SHA256
- *ECDHE_RSA_AES_256_CBC_SHA384
- *ECDHE_RSA_AES_128_GCM_SHA256
- *ECDHE_RSA_AES_256_GCM_SHA384
The following table shows the cipher specifications that are supported for each protocol version. The supported cipher specifications for each protocol are indicated by the "X" in the appropriate column.
QSSLCSL System Value Representation | TLSv1.2 | TLSv1.1 | TLSv1.0 | SSLv3 | SSLv2 |
---|---|---|---|---|---|
*RSA_AES_128_GCM_SHA256 | X | ||||
*RSA_AES_256_GCM_SHA384 | X | ||||
*ECDHE_ECDSA_NULL_SHA | X | ||||
*ECDHE_ECDSA_RC4_128_SHA | X | ||||
*ECDHE_ECDSA_3DES_EDE_CBC_SHA | X | ||||
*ECDHE_RSA_NULL_SHA | X | ||||
*ECDHE_RSA_RC4_128_SHA | X | ||||
*ECDHE_RSA_3DES_EDE_CBC_SHA | X | ||||
*ECDHE_ECDSA_AES_128_CBC_SHA256 | X | ||||
*ECDHE_ECDSA_AES_256_CBC_SHA384 | X | ||||
*ECDHE_RSA_AES_128_CBC_SHA256 | X | ||||
*ECDHE_RSA_AES_256_CBC_SHA384 | X | ||||
*ECDHE_ECDSA_AES_128_GCM_SHA256 | X | ||||
*ECDHE_ECDSA_AES_256_GCM_SHA384 | X | ||||
*ECDHE_RSA_AES_128_GCM_SHA256 | X | ||||
*ECDHE_RSA_AES_256_GCM_SHA384 | X | ||||
*RSA_AES_256_CBC_SHA256 | X | ||||
*RSA_AES_128_CBC_SHA256 | X | ||||
*RSA_AES_256_CBC_SHA | X | X | X | ||
*RSA_AES_128_CBC_SHA | X | X | X | ||
*RSA_3DES_EDE_CBC_SHA | X | X | X | X | |
*RSA_RC4_128_SHA | X | X | X | X | |
*RSA_RC4_128_MD5 | X | X | X | X | X |
*RSA_DES_CBC_SHA | X | X | X | ||
*RSA_EXPORT_RC4_40_MD5 | X | X | X | ||
*RSA_EXPORT_RC2_CBC_40_MD5 | X | X | X | ||
*RSA_NULL_SHA256 | X | ||||
*RSA_NULL_SHA | X | X | X | X | |
*RSA_NULL_MD5 | X | X | X | X | |
*RSA_RC2_CBC_128_MD5 | X | ||||
*RSA_3DES_EDE_CBC_MD5 | X | ||||
*RSA_DES_CBC_MD5 | X |