SSL cipher specifications
When an SSL connection is established, the client (web browser) and the web server negotiate the cipher to use for the connection. The web server has an ordered list of ciphers, and the first cipher in the list that is supported by the client is selected.
Introduction
View the list of current of SSL ciphers.
Attention: This list of ciphers could change
as a result of updates to industry standards. You can determine the list of ciphers supported in a
particular version of IBM® HTTP Server by configuring it to
load mod_ibm_ssl and running
bin/apachectl -t -f path/to/httpd.conf
-DDUMP_SSL_CIPHERS.Avoid trouble:
- Ciphers should be enabled via their "long name".
- Ciphers containing "ECDHE_RSA" in their name use a standard RSA certificate and can coexist with older RSA ciphers and clients.
- Ciphers containing "ECDHE_ECDSA" in their name requires an ECC (Elliptic Curve Cryptography) certificate/key to be created (with gskcapicmd if you are running on a distributed platform, or gskkyman if you are running on z/OS®).
![[z/OS]](../images/ngzos.svg)
On z/OS, ICSF must be available to use
ECDHE, ECDSA, and AES-GCM ciphers. See RACF® CSFSERV Resource Requirements
in the z/OS Cryptographic Services System SSL Programming for more information.
SSL and TLS ciphers
Attention: SSL and TLS cipher values:
- "- "= cipher that is not valid for the protocol
- "d" = cipher is enabled by default
- "y" = cipher is valid but not enabled by default
![[9.0.5.15 or later]](../images/ng90515.svg)
"y*"= In prior maintenance levels, cipher was enabled by default ("d").![[AIX Solaris HP-UX Linux Windows]](../images/ngdist.svg)
cipher is valid but not enabled by default.- cipher is valid but only enabled by default if ICSF is not available.
For transitioning users: To improve security, IBM HTTP Server Version 9.0 disables weak SSL ciphers, export SSL ciphers, and
the SSL Version 2 and Version 3 protocols by default. SSL Version 2, weak ciphers, and export
ciphers are generally unsuitable for production SSL workloads on the internet and are flagged by
security scanners. To enable ciphers, use the SSLCipherSpec directive.
Important: On z/OS when ICSF is not available, only ciphers TLS_RSA_WITH_AES_256_CBC_SHA
and TLS_RSA_WITH_AES_128_CBC_SHA are enabled by default. Other ciphers result in a runtime
error.
| Short name | Long name | Key size (bits) | FIPS | TLSv11 | TLSv12 | TLSv13 |
|---|---|---|---|---|---|---|
| 1301 | TLS_AES_128_GCM_SHA256 | 128 | Y | - | - |
|
| 1302 | TLS_AES_256_GCM_SHA384 | 256 | Y | - | - |
|
| 1303 | TLS_CHACHA20_POLY1305_SHA256 | 256 | - | - | - |
|
| 1304 | TLS_AES_128_CCM_SHA256 | 128 | Y | - | - |
|
| 1305 | TLS_AES_128_CCM_8_SHA256 | 128 | Y | - | - |
|
| C030 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | 256 | Y | - | d | |
| C02F | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | 128 | Y | - | d | |
| C028 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | 256 | Y | - | y* | |
| C027 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | 128 | Y | - | y* | |
| C014 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | 256 | Y | - | y* | |
| C013 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | 128 | Y | - | y* | |
| 9D | TLS_RSA_WITH_AES_256_GCM_SHA384 | 256 | Y | - | y* | |
| 9C | TLS_RSA_WITH_AES_128_GCM_SHA256 | 128 | Y | - | y* | |
| 3D | TLS_RSA_WITH_AES_256_CBC_SHA256 | 256 | Y | - | y* | |
| 3C | TLS_RSA_WITH_AES_128_CBC_SHA256 | 128 | Y | - | y* | |
| 35b | TLS_RSA_WITH_AES_256_CBC_SHA | 256 | Y | y* | y* | |
| 2F | TLS_RSA_WITH_AES_128_CBC_SHA | 128 | Y | y* | y* | |
| C009 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | 128 | Y | - | y* | |
| C00A | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | 256 | Y | - | y* | |
| C023 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | 128 | Y | - | y* | |
| C024 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | 256 | Y | - | y* | |
| C02C | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | 256 | Y | - | d | |
| C02B | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | 128 | Y | - | d |
![[9.0.5.2 or later]](../images/ng9052.svg)
d![[9.0.5.9 or later]](../images/ng9059.svg)
yNote: The
TLSv10 and TLSv11 protocols are not
enabled by default after IBM HTTP Server versions 9.0.5.9. and 8.5.5.20.Important:
- 3DES ciphers are disabled by default on IBM HTTP Server versions 9.0.0.6 and later.
Weaker ciphers, not enabled by default:
| Short name | Long name | Key size (bits) | FIPS | TLSv11 | TLSv12 |
|---|---|---|---|---|---|
| C010 | TLS_ECDHE_RSA_WITH_NULL_SHA | 0 | Y | - | Y |
| C008 | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | 168 | Y | - | Y |
| C012 | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | 168 | Y | - | Y |
| 3A | SSL_RSA_WITH_3DES_EDE_CBC_SHA | 168 | Y | Y | Y |
| C007 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | 128 | Y | - | Y |
| C011 | TLS_ECDHE_RSA_WITH_RC4_128_SHA | 128 | Y | - | Y |
| 35 | SSL_RSA_WITH_RC4_128_SHA | 128 | - | Y | Y |
| 34 | SSL_RSA_WITH_RC4_128_MD5 | 128 | - | Y | - |
| 39 | SSL_RSA_WITH_DES_CBC_SHA | 56 | - | y | - |
| 33 | SSL_RSA_EXPORT_WITH_RC4_40_MD5 | 40 | - | - | - |
| 36 | SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | 40 | - | - | - |
| 62 | TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA | 56 | - | - | - |
| 64 | TLS_RSA_EXPORT1024_WITH_RC4_56_SHA | 56 | - | - | - |
| 32 | SSL_RSA_WITH_NULL_SHA | 0 | - | y | y |
| 31 | SSL_RSA_WITH_NULL_MD5 | 0 | - | y | - |
| 3B | TLS_RSA_WITH_NULL_SHA256 | 0 | Y | - | y |
| 30 | SSL_NULL_WITH_NULL_NULL | 0 | - | y | y |
| 27 | SSL_DES_192_EDE3_CBC_WITH_MD5 | 168 | - | - | - |
| 21 | SSL_RC4_128_WITH_MD5 | 128 | - | - | - |
| 23 | SSL_RC2_CBC_128_CBC_WITH_MD5 | 128 | - | - | - |
| 26 | SSL_DES_64_CBC_WITH_MD5 | 56 | - | - | - |
| 24 | SSL_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 | 40 | - | - | - |
| 22 | SSL_RC4_128_EXPORT40_WITH_MD5 | 40 | - | - | - |
| FE | SSL_RSA_FIPS_WITH_DES_CBC_SHA | 56 | - | - | - |
| FF | SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA | 168 | - | - | - |