General Page
Help for encryption used in ECuRep.
- How can I query information about the encryption used?
- Where can I find information about z/OS cipher suites?
- How do the different cipher suite denotations match?
How can I query information about the encryption used?
OpenSSL is providing different commands, which can be used to get information about the used encryption protocols, the ciphers, and the certificates. The following commands provide help:
Command to:
- List the TLS certificates used by a server:
openssl s_client -connect <hostname>:<port> -servername <fully_qualified_server_name> -starttls <protocol> -showcerts < /dev/null
Example:
openssl s_client -connect ftps.ecurep.ibm.com:21 -servername ftps.ecurep.ibm.com -starttls ftp -showcerts < /dev/null
- List all HIGH ciphers supported by the openSSL version installed. ECuRep does support HIGH ciphers only:
openssl ciphers -v HIGH
- Verify whether a cipher listed by the command above is supported:
openssl s_client -connect <host>:<port> -servername <fully_qualified_server_name> -starttls <protocol> -cipher <cipher> < /dev/null
Example:
openssl s_client -connect ftps.ecurep.ibm.com:21 -servername ftps.ecurep.ibm.com -starttls ftp -cipher AES128-GCM-SHA256 < /dev/null
Where can I find information about z/OS cipher suites?
Information about the z/OS cipher suite definitions can be found at the reference for z/OS 2.4:
How do the different cipher suites denotations match?
There are different cipher denotations. The cipher suites in RFC 5246, in openSSL and in GnuTLS differ slightly.
This is a list of cipher suites used in ECuRep in all denotations.
TLS ID | RFC 5246 | openSSL | GnuTLS |
---|---|---|---|
[0x00 0x3C] | TLS_RSA_WITH_AES_128_CBC_SHA256 | AES128-SHA256 | TLS_RSA_AES_128_CBC_SHA256 |
[0x00 0x3D] | TLS_RSA_WITH_AES_256_CBC_SHA256 | AES256-SHA256 | TLS_RSA_AES_256_CBC_SHA256 |
[0x00 0x9C] | TLS_RSA_WITH_AES_128_GCM_SHA256 | AES128-GCM-SHA256 | TLS_RSA_AES_128_GCM_SHA256 |
[0x00 0x9D] | TLS_RSA_WITH_AES_256_GCM_SHA384 | AES256-GCM-SHA384 | TLS_RSA_AES_256_GCM_SHA384 |
[0xC0 0x27] | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ECDHE-RSA-AES128-SHA256 | TLS_ECDHE_RSA_AES_128_CBC_SHA256 |
[0xC0 0x28] | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ECDHE-RSA-AES256-SHA384 | TLS_ECDHE_RSA_AES_256_CBC_SHA384 |
[0xC0 0x30] | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE-RSA-AES256-GCM-SHA384 | TLS_ECDHE_RSA_AES_256_GCM_SHA384 |
Related links
[{"Type":"MASTER","Line of Business":{"code":"","label":""},"Business Unit":{"code":"","label":""},"Product":{"code":"ECUREP","label":"ECuRep notice"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
15 November 2021
UID
ibm16259449