SSL Protocols

System SSL has the infrastructure to support multiple protocols.

The following protocols can be supported by System SSL:
  • Transport Layer Security version 1.2 protocol (TLSv1.2)
  • Transport Layer Security version 1.1 protocol (TLSv1.1)
  • Transport Layer Security version 1.0 protocol (TLSv1.0)
  • Secure Sockets Layer version 3.0 protocol (SSLv3)
  • Secure Sockets Layer version 2.0 protocol (SSLv2)
    • SSLv2 cannot be used if TLSv1.2 is supported.

Shipped SSL Supported Protocols

System SSL is shipped with the following supported protocols:

  • Transport Layer Security version 1.0 protocol (TLSv1.0)
  • Transport Layer Security version 1.1 protocol (TLSv1.1)
  • Transport Layer Security version 1.2 protocol (TLSv1.2)
Note: SSLv3 and SSLv2 are shipped as disabled for System SSL. The QSSLPCL system value can be used to disable or enable any of the protocols.

Shipped SSL Default Protocols

The following default protocols are used by System SSL when requested by an application:

  • Transport Layer Security version 1.0 protocol (TLSv1)
  • Transport Layer Security version 1.1 protocol (TLSv1.1)
  • Transport Layer Security version 1.2 protocol (TLSv1.2)

The shipped default protocols can be changed by using System Service Tools (SST) Advanced Analysis Command SSLCONFIG.

Note: Removing a default protocol from the supported protocol list also removes it from the default protocol list.