Secure Sockets Layer (SSL) cipher specification list (QSSLCSL)

The Secure Sockets Layer cipher specification list (QSSLCSL) system value determines what cipher specification list will be supported by System SSL.

System SSL uses the sequence of the values in QSSLCSL to order the System SSL default cipher specification list. The default cipher specification list entries are system defined and can be changed on release boundaries. If a default cipher suite is removed from the QSSLCSL system value, it is also removed from the default cipher specification list. The default cipher suite is added back to the default cipher specification list when the cipher suite is added back into the QSSLCSL system value. You cannot add other cipher suites to the default cipher specification list beyond the system defined set for the release. Besides, a cipher suite cannot be added to QSSLCSL if the required SSL protocol value for the cipher suite is not set for the QSSLPCL (SSL protocol list) system value.

The values of the QSSLCSL system value are read-only unless the SSL cipher control (QSSLCSLCTL) system value is set to *USRDFN.

The values allowed for the QSSLCSL system value are as follows:

  • Start of change*RSA_AES_128_GCM_SHA256End of change
  • Start of change*RSA_AES_256_GCM_SHA384End of change
  • Start of change*ECDHE_ECDSA_NULL_SHAEnd of change
  • Start of change*ECDHE_ECDSA_RC4_128_SHAEnd of change
  • Start of change*ECDHE_ECDSA_3DES_EDE_CBC_SHAEnd of change
  • Start of change*ECDHE_RSA_NULL_SHAEnd of change
  • Start of change*ECDHE_RSA_RC4_128_SHAEnd of change
  • Start of change*ECDHE_RSA_3DES_EDE_CBC_SHAEnd of change
  • Start of change*ECDHE_ECDSA_AES_128_CBC_SHA256End of change
  • Start of change*ECDHE_ECDSA_AES_256_CBC_SHA384End of change
  • Start of change*ECDHE_RSA_AES_128_CBC_SHA256End of change
  • Start of change*ECDHE_RSA_AES_256_CBC_SHA384End of change
  • Start of change*ECDHE_ECDSA_AES_128_GCM_SHA256End of change
  • Start of change*ECDHE_ECDSA_AES_256_GCM_SHA384End of change
  • Start of change*ECDHE_RSA_AES_128_GCM_SHA256End of change
  • Start of change*ECDHE_RSA_AES_256_GCM_SHA384End of change
  • *RSA_AES_128_CBC_SHA256
  • *RSA_AES_128_CBC_SHA
  • *RSA_AES_256_CBC_SHA256
  • *RSA_AES_256_CBC_SHA
  • *RSA_3DES_EDE_CBC_SHA
  • *RSA_RC4_128_SHA
  • *RSA_RC4_128_MD5
  • *RSA_DES_CBC_SHA
  • *RSA_EXPORT_RC2_CBC_40_MD5
  • *RSA_EXPORT_RC4_40_MD5
  • *RSA_NULL_SHA256
  • *RSA_NULL_SHA
  • *RSA_NULL_MD5
  • *RSA_RC2_CBC_128_MD5
  • *RSA_3DES_EDE_CBC_MD5
  • *RSA_DES_CBC_MD5
Note: You must have *IOSYSCFG, *ALLOBJ, and *SECADM special authorities to change this system value.

You can refer to the Secure Sockets Layer cipher specification list topic in the System values topic collection for more information about the shipped values.