Transport Layer Security (TLS) cipher specification list (QSSLCSL)

Edit online

The Transport Layer Security cipher specification list (QSSLCSL) system value determines the specific cipher suites supported by System TLS. Applications can negotiate secure sessions with only a cipher suite that is listed in QSSLCSL. No matter what an application does with code or configuration, it cannot negotiate secure sessions with a cipher suite if it is not listed in QSSLCSL. Individual application configuration determines which of the enabled cipher suites are used for that application.

System TLS uses the sequence of the values in QSSLCSL to determine the order of the System TLS default cipher specification list. You can refer to the Cipher suite configuration in the TLS topic for additional details on displaying and configuring the default cipher specification list.

A cipher suite cannot be added to QSSLCSL if the required TLS protocol value for the cipher suite is not set for the QSSLPCL (TLS protocol list) system value.

The values of the QSSLCSL system value are read-only unless the TLS cipher control (QSSLCSLCTL) system value is set to *USRDFN.

The values allowed for the QSSLCSL system value are as follows:

  • *AES_128_GCM_SHA256
  • *AES_256_GCM_SHA384
  • *CHACHA20_POLY1305_SHA256
  • *RSA_AES_128_GCM_SHA256
  • *RSA_AES_256_GCM_SHA384
  • *ECDHE_ECDSA_NULL_SHA
  • *ECDHE_ECDSA_RC4_128_SHA
  • *ECDHE_ECDSA_3DES_EDE_CBC_SHA
  • *ECDHE_RSA_NULL_SHA
  • *ECDHE_RSA_RC4_128_SHA
  • *ECDHE_RSA_3DES_EDE_CBC_SHA
  • *ECDHE_ECDSA_AES_128_CBC_SHA256
  • *ECDHE_ECDSA_AES_256_CBC_SHA384
  • *ECDHE_RSA_AES_128_CBC_SHA256
  • *ECDHE_RSA_AES_256_CBC_SHA384
  • *ECDHE_ECDSA_AES_128_GCM_SHA256
  • *ECDHE_ECDSA_AES_256_GCM_SHA384
  • *ECDHE_RSA_AES_128_GCM_SHA256
  • *ECDHE_RSA_AES_256_GCM_SHA384
  • *ECDHE_ECDSA_CHACHA20_POLY1305_SHA256
  • *ECDHE_RSA_CHACHA20_POLY1305_SHA256
  • *RSA_AES_128_CBC_SHA256
  • *RSA_AES_128_CBC_SHA
  • *RSA_AES_256_CBC_SHA256
  • *RSA_AES_256_CBC_SHA
  • *RSA_3DES_EDE_CBC_SHA
  • *RSA_RC4_128_SHA
  • *RSA_RC4_128_MD5
  • *RSA_DES_CBC_SHA
  • *RSA_EXPORT_RC2_CBC_40_MD5
  • *RSA_EXPORT_RC4_40_MD5
  • *RSA_NULL_SHA256
  • *RSA_NULL_SHA
  • *RSA_NULL_MD5
Note: You must have *IOSYSCFG, *ALLOBJ, and *SECADM special authorities to change this system value.

You can refer to the Transport Layer Security cipher specification list topic in the System values topic collection for more information about the shipped values.