× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



With all the recent discussions on SSL due to the OpenSSL bug and the process to verify our iSeries was not affected by this, we had one scanning site make a strong recommendation to enable TLS 1.2 support. I know that as of V7.1 IBM did add TLS 1.2 support and found reference to how to enable it. In looking at our system I noticed that system value QSSLCLSCTL is set to *USRFDN and I do not know how long it has been that way. It may have been from before we upgraded from V5R4 to V7.1, which if I read IBM docs correctly, means the Cipher list in QSSLCSL would not get automatically updated on an upgrade and just adding TLS 1.1 and TLS 1.2 support on QSSLPCL would not add to the Cipher list automatically.

So beings be to two questions before I fully enable TLS 1.2.

1) Has anyone else done this and if so, were there any gotchas to be aware of?

2) Is this the complete list of all current Cipher's that should be defined?

a. *RSA_RC4_128_SHA

b. *RSA_AES_128_CBC_SHA

c. *RSA_RC4_128_MD5

d. *RSA_AES_256_CBC_SHA

e. *RSA_3DES_EDE_CBC_SHA

f. *RSA_DES_CBC_SHA

g. *RSA_EXPORT_RC4_40_MD5

h. *RSA_EXPORT_RC2_CBC_40_MD5

i. *RSA_NULL_SHA

j. *RSA_NULL_MD5

Some of my reference links
http://www.itjungle.com/bns/bns020613-story01.html
http://ibmsystemsmag.blogs.com/i_can/2013/02/new-system-ssl-support.html
https://www.ibm.com/developerworks/ibmi/library/i-system-ssl-ibmi/index.html

Thanks

Mike Cunningham
Pennsylvania College of Technology



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.