Question & Answer
Question
Has z/OS Communications Server V2R3 removed any ciphers from its default cipher lists?
Answer
Yes. Because they are considered weak, the following ciphers have been removed from the default cipher lists used by z/OS Communications Server V2R3:
TLS and SSLv3:
00/0000 (TLS_NULL_WITH_NULL_NULL)
01/0001 (TLS_RSA_WITH_NULL_MD5)
02/0002 (TLS_RSA_WITH_NULL_SHA)
03/0003 (TLS_RSA_EXPORT_WITH_RC4_40_MD5)
04/0004 (TLS_RSA_WITH_RC4_128_MD5)
05/0005 (TLS_RSA_WITH_RC4_128_SHA)
06/0006 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5)
0C/000C (TLS_DH_DSS_WITH_DES_CBC_SHA)
0D/000D (TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA)
0F/000F (TLS_DH_RSA_WITH_DES_CBC_SHA)
10/0010 (TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA)
30/0030 (TLS_DH_DSS_WITH_AES_128_CBC_SHA)
31/0031 (TLS_DH_RSA_WITH_AES_128_CBC_SHA)
36/0036 (TLS_DH_DSS_WITH_AES_256_CBC_SHA)
37/0037 (TLS_DH_RSA_WITH_AES_256_CBC_SHA)
SSLv2:
01/0001 (128-bit RC4 encryption with MD5 message authentication (128-bit secret key))
02/0002 (128-bit RC4 export encryption with MD5 message authentication (40-bit secret key))
For applications that must continue to use these ciphers, the ciphers must be explicitly enabled.
Product Synonym
ZOSCS COMMSERVER
Was this topic helpful?
Document Information
Modified date:
07 September 2017
UID
dwa1399339