System TLS system level settings
System TLS has many attributes that determine how secure sessions are negotiated.
- The application developer sets an explicit value for the attribute by using code.
- The application developer provides a user interface to allow the application administrator to indirectly set the attribute value.
- The application developer does not set a value for the attribute. System TLS uses the default value for the attribute.
Security compliance requirements change over the lifespan of a release. To remain compliant, system administrators need to override some attribute values. System TLS provides various system level settings to implement this level of control.
- Completely disable the value for an attribute
- The disabled value is ignored when it is used by any of the three methods of setting the attribute value
- Application encounters a hard failure if no valid value remains enabled for the attribute
- Application encounters a soft failure if peer requires the disabled value
- Disable a default value for an attribute
- Changes only applications that use System TLS defaults for setting this specific attribute
- Application soft failure if peer requires the disabled value
- TLS System Values
- System Service Tools (SST) Advanced Analysis command TLSCONFIG as specified.
The following System TLS attributes can have their enabled values, default values, or both changed at the system level.