Has z/OS Communications Server V2R3 removed any ciphers from its default cipher lists?

Yes. Because they are considered weak, the following ciphers have been removed from the default cipher lists used by z/OS Communications Server V2R3:

TLS and SSLv3:

• 00/0000 (TLS_NULL_WITH_NULL_NULL)

• 01/0001 (TLS_RSA_WITH_NULL_MD5)

• 02/0002 (TLS_RSA_WITH_NULL_SHA)

• 03/0003 (TLS_RSA_EXPORT_WITH_RC4_40_MD5)

• 04/0004 (TLS_RSA_WITH_RC4_128_MD5)

• 05/0005 (TLS_RSA_WITH_RC4_128_SHA)

• 06/0006 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5)

• 0C/000C (TLS_DH_DSS_WITH_DES_CBC_SHA)

• 0D/000D (TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA)

• 0F/000F (TLS_DH_RSA_WITH_DES_CBC_SHA)

• 10/0010 (TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA)

• 30/0030 (TLS_DH_DSS_WITH_AES_128_CBC_SHA)

• 31/0031 (TLS_DH_RSA_WITH_AES_128_CBC_SHA)

• 36/0036 (TLS_DH_DSS_WITH_AES_256_CBC_SHA)

• 37/0037 (TLS_DH_RSA_WITH_AES_256_CBC_SHA)

SSLv2:

• 01/0001 (128-bit RC4 encryption with MD5 message authentication (128-bit secret key))

• 02/0002 (128-bit RC4 export encryption with MD5 message authentication (40-bit secret key))

For applications that must continue to use these ciphers, the ciphers must be explicitly enabled.