General Page
Help for encryption used in ECuRep.
- How can I query information about the encryption used?
- Where can I find information about z/OS cipher suites?
- How do the different cipher suite denotations match?
How can I query information about the encryption used?
OpenSSL is providing different commands, which can be used to get information about the used encryption protocols, the ciphers, and the certificates. The following commands provide help:
Command to:
- List the TLS certificates used by a server:
openssl s_client -connect <hostname>:<port> -servername <fully_qualified_server_name> -starttls <protocol> -showcerts < /dev/null
Example:
openssl s_client -connect ftps.ecurep.ibm.com:21 -servername ftps.ecurep.ibm.com -starttls ftp -showcerts < /dev/null - List all HIGH ciphers supported by the openSSL version installed. ECuRep does support HIGH ciphers only:
openssl ciphers -v HIGH - Verify whether a cipher listed by the command above is supported:
openssl s_client -connect <host>:<port> -servername <fully_qualified_server_name> -starttls <protocol> -cipher <cipher> < /dev/null
Example:
openssl s_client -connect ftps.ecurep.ibm.com:21 -servername ftps.ecurep.ibm.com -starttls ftp -cipher AES128-GCM-SHA256 < /dev/null
Where can I find information about z/OS cipher suites?
Information about the z/OS cipher suite definitions can be found at the reference for z/OS 2.4:
How do the different cipher suites denotations match?
There are different cipher denotations. The cipher suites in RFC 5246, in openSSL and in GnuTLS differ slightly.
This is a list of cipher suites used in ECuRep in all denotations.
| Hex code | TLS | openSSL | GnuTLS | TLS version |
|---|---|---|---|---|
| [0x1301] | TLS_AES_128_GCM_SHA256 | TLS_AES_128_GCM_SHA256 | TLS_AES_128_GCM_SHA256 | 1.3 |
| [0x1302] | TLS_AES_256_GCM_SHA384 | TLS_AES_256_GCM_SHA384 | TLS_AES_256_GCM_SHA384 | 1.3 |
| [0x1304] | TLS_AES_128_CCM_SHA256 | TLS_AES_128_CCM_SHA256 | TLS_AES_128_CCM_SHA256 | 1.3 |
| [0xc02b] | ECDHE_ECDSA_AES128_GCM_SHA256 | TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 | 1.2 & FIPS approved | |
| [0xc02f] | ECDHE_RSA_AES128_GCM_SHA256 | TLS_ECDHE_RSA_AES_128_GCM_SHA256 | 1.2 & FIPS approved | |
| [0x02c] | ECDHE_ECDSA_AES256_GCM_SHA384 | TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 | 1.2 & FIPS approved | |
| [0xc030] | ECDHE_RSA_AES256_GCM_SHA384 | TLS_ECDHE_RSA_AES_256_GCM_SHA384 | 1.2 & FIPS approved |
Related links
[{"Type":"MASTER","Line of Business":{"code":"","label":""},"Business Unit":{"code":"","label":""},"Product":{"code":"ECUREP","label":"ECuRep notice"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
07 March 2025
UID
ibm16259449