System i: Programming Secure Sockets APIs - IBM
09 = *RSA_DES_CBC_SHA
0A = *RSA_3DES_EDE_CBC_SHA
2F = *RSA_AES_128_CBC_SHA (TLS Version 1 only)
35 = *RSA_AES_256_CBC_SHA (TLS Version 1 only)
NULL = Default cipher specs are used (may change in future)
The default list is '2F0504350A'
4. SSL Version 2 support is disabled when the operating system is installed, so no SSL Version 2
ciphers are supported. If SSL Version 2 is enabled (not recommended), the following
GSK_V2_CIPHER_SPECS values are the SSL Version 2 ciphers that would be supported if the shipped
supported cipher list has not been altered.
1 = *RSA_RC4_128_MD5
2 = *RSA_EXPORT_RC4_40_MD5
4 = *RSA_EXPORT_RC2_CBC_40_MD5
NULL = Default cipher specs are used (may change in future)
The default list is '1'
The following GSK_V2_CIPHER_SPECS values are the SSL Version 2 ciphers potentially supported if
an administrator later enables SSL Version 2:
1 = *RSA_RC4_128_MD5
2 = *RSA_EXPORT_RC4_40_MD5
3 = *RSA_RC2_CBC_128_MD5
4 = *RSA_EXPORT_RC2_CBC_40_MD5
6 = *RSA_DES_CBC_MD5
7 = *RSA_3DES_EDE_CBC_MD5
NULL = Default cipher specs are used (may change in future)
The default list is '136'
5. The list of supported cipher suites and the ordered list of default cipher suites are configurable from
the Change System Value (CHGSYSVAL) command. The Display System Value (DSPSYSVAL)
command or the Retrieve System Values (QWCRSVAL) API can be used to determine the current
settings of the supported ciphers (QSSLCSL) and protocols (QSSLPCL) for system SSL.
6. The following GSK_BUF_ID values currently are not supported in the i5/OS® implementation:
- GSK_KEYRING_STASH_FILE
- GSK_LDAP_SERVER
- GSK_LDAP_USER
- GSK_LDAP_USER_PW
- GSK_USER_DATA
- GSK_SID_VALUE
- GSK_PKCS11_DRIVER_PATH
- GSK_PKCS11_TOKEN_LABEL
- GSK_PKCS11_TOKEN_PWD
- GSK_CSP_NAME
7. The following are the possible scenarios for the use of GSK_KEYRING_LABEL:
- GSK_KEYRING_LABEL can be set after gsk_environment_open() and before
  gsk_environment_init() to indicate which certificate in the GSK_KEYRING_FILE to use for the
  secure environment.
- GSK_KEYRING_LABEL can be set after gsk_secure_soc_open() and before gsk_secure_soc_init()
  to indicate which certificate in the GSK_KEYRING_FILE to use for the secure session.
- If GSK_KEYRING_LABEL is not set, the default certificate label in the GSK_KEYRING_FILE is
  used for the SSL environment.
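
The following is an added example, not part of the IBM documentation: a C helper that validates a GSK_V3_CIPHER_SPECS string such as the default list '2F0504350A' and removes codes excluded by policy while preserving preference order. The function name filter_v3_specs is hypothetical (not a GSKit API), the names shown for codes 04 and 05 are assumed because their entries fall outside this excerpt, and the drop policy (RC4 and single DES) is this example's choice.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Two-character GSK_V3_CIPHER_SPECS codes. 09, 0A, 2F and 35 are named on
 * this page; 04 and 05 occur in its default list but are named elsewhere, so
 * their names are assumed. The drop flag is this example's policy, not IBM's. */
struct spec { const char *code; int drop; };
static const struct spec V3_SPECS[] = {
    { "04", 1 },  /* RC4_128_MD5 (assumed name): RC4 */
    { "05", 1 },  /* RC4_128_SHA (assumed name): RC4 */
    { "09", 1 },  /* *RSA_DES_CBC_SHA: 56-bit DES */
    { "0A", 0 },  /* *RSA_3DES_EDE_CBC_SHA */
    { "2F", 0 },  /* *RSA_AES_128_CBC_SHA */
    { "35", 0 },  /* *RSA_AES_256_CBC_SHA */
};

static const struct spec *lookup(const char *p) {
    for (size_t i = 0; i < sizeof V3_SPECS / sizeof V3_SPECS[0]; i++)
        if (toupper((unsigned char)p[0]) == V3_SPECS[i].code[0] &&
            toupper((unsigned char)p[1]) == V3_SPECS[i].code[1])
            return &V3_SPECS[i];
    return NULL;
}

/* Copy in to out, keeping preference order and omitting dropped codes. Returns
 * the count kept, or -1 on odd length, a code not in the table, or overflow. */
int filter_v3_specs(const char *in, char *out, size_t outsz) {
    size_t len = strlen(in), used = 0;
    int kept = 0;
    if (len % 2 != 0 || outsz == 0) return -1;
    for (size_t i = 0; i < len; i += 2) {
        const struct spec *s = lookup(in + i);
        if (s == NULL) return -1;      /* refuse rather than guess */
        if (s->drop) continue;
        if (used + 3 > outsz) return -1;
        out[used++] = s->code[0];
        out[used++] = s->code[1];
        kept++;
    }
    out[used] = '\0';
    return kept;
}

int main(void) {
    char out[32];
    printf("kept %d: ", filter_v3_specs("2F0504350A", out, sizeof out));
    puts(out);
    return 0;
}
```

A return value of 0 means the policy removed every code; treat that as a configuration error rather than setting an empty list.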