CTL_SSL_CIPHER_SUITES - UBROKER configuration option
Description
The CTL_SSL_CIPHER_SUITES option specifies one or more SSL/TLS 1.3 specific cipher suites that are acceptable to use for network communications on the control session, which is used for component internal communication.
This option is specific to TLS 1.3. To configure ciphers for TLS 1.2 and earlier, see the ctl_ssl_cipher_list option.
Usage
Method | Syntax | IBM i | UNIX | Windows | z/OS |
|---|---|---|---|---|---|
Command Line, Long Form | -ctl_ssl_cipher_suites cipherlist | ||||
Environment Variable | UBRCTLSSLCIPHERSUITES=cipherlist | ||||
Configuration File Keyword | ctl_ssl_cipher_suites cipherlist |
Values
cipherlist is a comma-separated list of SSL/TLS 1.3 specific cipher suites. The list should be ordered with the most preferred suite first and the least preferred suite last.
The list is in default order, with the most preferred suite first and the least preferred suite last.
If the SSL implementation is System SSL, the order of the list does not indicate preference.
Cipher Suite | Description |
|---|---|
TLS_AES_256_GCM_SHA384 | 256-bit AES encryption in Galois Counter Mode, SHA-2 384-bit message digest |
TLS_CHACHA20_POLY1305_SHA256 | 256-bit CHACHA encryption with POLY1305 message authentication, SHA-2 256-bit message digest |
TLS_AES_128_GCM_SHA256 | 128-bit AES encryption in Galois Counter Mode, SHA-2 256-bit message digest |