Take a close look at the help text for
14. Advanced analysis
SSLCONFIG
-h
Purpose:
Allows viewing or altering system wide System SSL default properties.
-eligibleDefaultCipherSuites:<cipherSuiteNumber>[,<cipherSuiteNumber>...]
Set the System SSL eligible default cipher suite list.
This option takes a comma separated list of numbers
to determine the eligible default cipher suites. This list
is used along with QSSLCSL to generate the default cipher
suite list used by System SSL.
CipherSuiteNumber CipherSuiteName
----------------- ---------------
04 RSA_RC4_128_MD5
05 RSA_RC4_128_SHA
0A RSA_3DES_EDE_CBC_SHA
2F RSA_AES_128_CBC_SHA
35 RSA_AES_256_CBC_SHA
3C RSA_AES_128_CBC_SHA256
3D RSA_AES_256_CBC_SHA256
Paul
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Oberholtzer
Sent: Friday, August 19, 2016 10:00 AM
To: 'Midrange Systems Technical Discussion'
Subject: RE: (GSKit) No compatible cipher suite available between SSL end points.
With all due respect to those that like V7R1, V7R2 has been out for some time, V7R3 is now out.
We are in that same time warp that V5R4 created by IBM holding onto support even though V6R1 and V7R1 had been out for several years. I don't want IBM spending a dime on new things for V7R1, I'd rather them continue to develop V7R3. Apply back to V7R2 where it's reasonable. I would love it if IBM would simply announce the end of support for V7R1 and folks spent the next year getting the upgrades done.
There are significant changes to security and other things inside V7R2 and more so in V7R3. If that's a concern for your organization then an upgrade should be first on the list of projects. While I don't quite get as insistent as Rob with the "upgrade now" message I completely agree with it.
What I really don't get is why companies will spend millions keeping the Microsoft environments completely up to date with patches every month, but
they won't give the workhorse in the data center the same due. I try to
suggest PTFs twice to three times a year and I'm told "no that system is to critical to be down that long". Meanwhile the entire Intel suite is down for two hours overnight to apply patches.
--
Jim Oberholtzer
Agile Technology Architects
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Bradley Stone
Sent: Friday, August 19, 2016 8:46 AM
To: Midrange Systems Technical Discussion
Subject: Re: (GSKit) No compatible cipher suite available between SSL end points.
On Fri, Aug 19, 2016 at 6:15 AM, Rob Berendt <rob@xxxxxxxxx> wrote:
<snip>
Unless you have some magic suggestion on any other option ?
</snip>
Yes. Upgrade.
Rob Berendt
I agree if IBM is saying they won't update V7R1 (which is a bloody shame).
Brad
www.bvstools.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related questions.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related questions.
midrange.com
