How can I disable the use of DES and 3DES ciphers for my SSL/TLS FTP encrypted connections?

Question & Answer

Question

Answer

If using native TLS, then the list of support ciphers are limited to the following ciphers, specified on the CIPHERSUITE statement in the FTP.DATA file for z/OS FTP server or client. .

     SSL_NULL_MD5 
     SSL_NULL_SHA 
     SSL_RC4_MD5_EX 
     SSL_RC4_MD5 
     SSL_RC4_SHA 
     SSL_RC2_MD5_EX 
     SSL_DES_SHA 
     SSL_3DES_SHA 
     SSL_AES_128_SHA 
     SSL_AES_256_SHA

You can keep the required ciphers in the list and remove the rest so that they are not used.

If using ATTLS, then you can update the list of supported cipher suites in the ATTLS policy (depending on the TLS protocol being used) on the V3CipherSuites or V3CipherSuites4Char parameters on the TTLSCipherParms statement.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

ZOSCS COMMSERVER

Was this topic helpful?

Document Information

Modified date:
06 October 2017

UID

dwa1405419

Tips

How can I disable the use of DES and 3DES ciphers for my SSL/TLS FTP encrypted connections?

Question & Answer

Question

Answer

Product Synonym

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?