Question & Answer
Question
How can I disable the use of DES and 3DES ciphers for my SSL/TLS FTP encrypted connections?
Answer
If using native TLS, then the list of support ciphers are limited to the following ciphers, specified on the CIPHERSUITE statement in the FTP.DATA file for z/OS FTP server or client. .
SSL_NULL_MD5
SSL_NULL_SHA
SSL_RC4_MD5_EX
SSL_RC4_MD5
SSL_RC4_SHA
SSL_RC2_MD5_EX
SSL_DES_SHA
SSL_3DES_SHA
SSL_AES_128_SHA
SSL_AES_256_SHA
.
You can keep the required ciphers in the list and remove the rest so that they are not used.
If using ATTLS, then you can update the list of supported cipher suites in the ATTLS policy (depending on the TLS protocol being used) on the V3CipherSuites or V3CipherSuites4Char parameters on the TTLSCipherParms statement.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Product Synonym
ZOSCS COMMSERVER
Was this topic helpful?
Document Information
Modified date:
06 October 2017
UID
dwa1405419