Question & Answer
Question
How do I remove the null cipher from the list of acceptable ciphers for secure FTP and AT-TLS?
Answer
The default ciphers used by System SSL support a null cipher, which has no encryption or authentication.
The null ciphers for secure FTP are:
SSL_NULL_MD5
SSL_NULL_SHA
To remove the null ciphers from the acceptable list of ciphers used by secure FTP, code CIPHERSUITE statements that specify non-null ciphers only.
The null ciphers for secure Telnet are:
SSL_NULL_SHA
SSL_NULL_MD5
SSL_NULL_Null
To remove the null ciphers from the acceptable list of ciphers used by secure Telnet, code your ENCRYPTION statement to specify non-null ciphers only.
The null ciphers for AT-TLS are:
TLS_NULL_WITH_NULL_NULL
TLS_RSA_WITH_NULL_MD5
TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_SHA256 (starting with V2R1)
TLS_ECDH_ECDSA_WITH_NULL_SHA (starting with V2R1)
TLS_ECDHE_ECDSA_WITH_NULL_SHA (starting with V2R1)
TLS_ECDH_RSA_WITH_NULL_SHA (starting with V2R1)
TLS_ECDHE_RSA_WITH_NULL_SHA (starting with V2R1)
To remove the null ciphers from the acceptable list of ciphers used by AT-TLS,
code non-null ciphers only on the V3CipherSuites parameter of your TTLSCipherSuites statement, if hard-coding your AT-TLS policy.
if using zOSMF Configuration Assistant, avoid selecting the null ciphers in the Security Level dialog of the AT-TLS perspective.
Product Synonym
ZOSCS COMMSERVER
Was this topic helpful?
Document Information
Modified date:
13 April 2018
UID
dwa1190076