TLS enabled and default cipher specification lists have changed for System TLS

The System TLS enabled cipher specification list no longer contains Triple Des (3DES), Cipher Block Chaining (CBC), or RSA key exchange ciphers when the QSSLCSLCTL system value is *OPSYS.

If one of those ciphers is needed, the administrator must add it to system value QSSLCSL. Administrators control the ciphers enabled for System TLS using the system values QSSLCSL and QSSLCSLCTL.

The System TLS shipped eligible default cipher specification list no longer contains Triple Des (3DES), Cipher Block Chaining (CBC), or RSA key exchange ciphers.

If one of these ciphers must be added to the default protocol list after it has been added to the enabled list, use the System Service tools Advanced Analysis command TLSCONFIG option eligibleDefaultCipherSuites to add the value.

See the System TLS topic in the IBM® Knowledge Center for additional information.