SSL Protocols
System SSL has the infrastructure to support multiple protocols.
The following protocols can be supported by System SSL:
- Transport Layer Security version 1.2 protocol (TLSv1.2)
- Transport Layer Security version 1.1 protocol (TLSv1.1)
- Transport Layer Security version 1.0 protocol (TLSv1.0)
- Secure Sockets Layer version 3.0 protocol (SSLv3)
- Secure Sockets Layer version 2.0 protocol (SSLv2)
- SSLv2 cannot be used if TLSv1.2 is supported.
Shipped SSL Supported Protocols
System SSL is shipped with the following supported protocols:
- Transport Layer Security version 1.0 protocol (TLSv1.0)
- Transport Layer Security version 1.1 protocol (TLSv1.1)
- Transport Layer Security version 1.2 protocol (TLSv1.2)
Note: SSLv3 and SSLv2 are shipped as disabled
for System SSL. The QSSLPCL system value can be used to disable or
enable any of the protocols.
Shipped SSL Default Protocols
The following default protocols are used by System SSL when requested by an application:
- Transport Layer Security version 1.0 protocol (TLSv1)
- Transport Layer Security version 1.1 protocol (TLSv1.1)
- Transport Layer Security version 1.2 protocol (TLSv1.2)
The shipped default protocols can be changed by using System Service Tools (SST) Advanced Analysis Command SSLCONFIG.
Note: Removing a default protocol from the
supported protocol list also removes it from the default protocol
list.