info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Cipher Suite Defiitions
20 views
Skip to first unread message
Billy Bingham
Jun 1, 2017, 12:19:43 PM6/1/17
to
I hope i can phrase this questions right :)
Where can I find a list of 'Cipher Suite Definitions' that z/VSE supports?
We've found something for z/OS, but my manager is looking for something
similar for z/VSE.
Billy
_______________________________________________
VSE-L mailing list
VS...@lists.lehigh.edu
https://lists.lehigh.edu/mailman/listinfo/vse-l
Where can I find a list of 'Cipher Suite Definitions' that z/VSE supports?
We've found something for z/OS, but my manager is looking for something
similar for z/VSE.
Billy
_______________________________________________
VSE-L mailing list
VS...@lists.lehigh.edu
https://lists.lehigh.edu/mailman/listinfo/vse-l
Frank M. Ramaekers
Jun 1, 2017, 12:56:54 PM6/1/17
to
Hmmm....think it depends on your TCP/IP stack.
Frank M. Ramaekers Jr.
_____________________________________________________<br>
This message contains information which is privileged and confidential and is solely for the use of the<br>
intended recipient. If you are not the intended recipient, be aware that any review, disclosure,<br>
copying, distribution, or use of the contents of this message is strictly prohibited. If you have<br>
received this in error, please destroy it immediately and notify us at Priva...@torchmarkcorp.com.
Frank M. Ramaekers Jr.
This message contains information which is privileged and confidential and is solely for the use of the<br>
intended recipient. If you are not the intended recipient, be aware that any review, disclosure,<br>
copying, distribution, or use of the contents of this message is strictly prohibited. If you have<br>
received this in error, please destroy it immediately and notify us at Priva...@torchmarkcorp.com.
Don Stoever
Jun 1, 2017, 1:34:46 PM6/1/17
to
If you are using the CSI Stack with our SSL/TLS implementation the
following cipher suites are supported:
SUIT0001 DC CL16'RSA_NULL_MD5 ',XL2'0001',CL2'01'
SUIT0002 DC CL16'RSA_NULL_SHA1 ',XL2'0002',CL2'02'
SUIT0008 DC CL16'RSA_SDES040_SHA1',XL2'0008',CL2'08'
SUIT0009 DC CL16'RSA_SDES056_SHA1',XL2'0009',CL2'09'
SUIT000A DC CL16'RSA_TDES168_SHA1',XL2'000A',CL2'0A'
SUIT002F DC CL16'RSA_AES128_SHA1 ',XL2'002F',CL2'2F'
SUIT0035 DC CL16'RSA_AES256_SHA1 ',XL2'0035',CL2'35'
SHA1 in the above uses a 160-bit(20-byte) message digest.
In addition we are adding TLS 1.2 support into TCP/IP 2.2 that adds the
following:
SUIT003C DC CL16'RSA_AES128_SH160',XL2'003C',CL2'3C'
SUIT003D DC CL16'RSA_AES256_SH256',XL2'003D',CL2'3D'
SH160 in the above is the same as SHA1 which uses a 160-bit(20-byte)
message digest.
SH256 in the above is the SHA2 algorithm which uses a 256-bit(32-byte)
message digest.
Donald R. Stoever
Product Developer
CSI-International
Office:
614.627.2908
Cell:
614.394.2541
E-Mail:
Don.Stoever@CSI-International
Web:
http://www.csi-international.com powered by entrée
-----Original Message-----
From: VSE-L
[mailto:vse-l-bounces+don.stoever=csi-intern...@lists.lehigh.edu
] On Behalf Of Billy Bingham
Sent: Thursday, June 01, 2017 12:20 PM
To: VSE Discussion List
Subject: Cipher Suite Defiitions
following cipher suites are supported:
SUIT0001 DC CL16'RSA_NULL_MD5 ',XL2'0001',CL2'01'
SUIT0002 DC CL16'RSA_NULL_SHA1 ',XL2'0002',CL2'02'
SUIT0008 DC CL16'RSA_SDES040_SHA1',XL2'0008',CL2'08'
SUIT0009 DC CL16'RSA_SDES056_SHA1',XL2'0009',CL2'09'
SUIT000A DC CL16'RSA_TDES168_SHA1',XL2'000A',CL2'0A'
SUIT002F DC CL16'RSA_AES128_SHA1 ',XL2'002F',CL2'2F'
SUIT0035 DC CL16'RSA_AES256_SHA1 ',XL2'0035',CL2'35'
SHA1 in the above uses a 160-bit(20-byte) message digest.
In addition we are adding TLS 1.2 support into TCP/IP 2.2 that adds the
following:
SUIT003C DC CL16'RSA_AES128_SH160',XL2'003C',CL2'3C'
SUIT003D DC CL16'RSA_AES256_SH256',XL2'003D',CL2'3D'
SH160 in the above is the same as SHA1 which uses a 160-bit(20-byte)
message digest.
SH256 in the above is the SHA2 algorithm which uses a 256-bit(32-byte)
message digest.
Donald R. Stoever
Product Developer
CSI-International
Office:
614.627.2908
Cell:
614.394.2541
E-Mail:
Don.Stoever@CSI-International
Web:
http://www.csi-international.com powered by entrée
-----Original Message-----
From: VSE-L
[mailto:vse-l-bounces+don.stoever=csi-intern...@lists.lehigh.edu
] On Behalf Of Billy Bingham
Sent: Thursday, June 01, 2017 12:20 PM
To: VSE Discussion List
Subject: Cipher Suite Defiitions
Don Stoever
Jun 1, 2017, 1:40:04 PM6/1/17
to
Ooops made a mistake the:
SUIT003C DC CL16'RSA_AES128_SH256',XL2'003C',CL2'3C'
SUIT003C DC CL16'RSA_AES128_SH160',XL2'003C',CL2'3C'
Should have been:
SUIT003C DC CL16'RSA_AES128_SH256',XL2'003C',CL2'3C'
Jeffrey Barnard
Jun 1, 2017, 2:10:47 PM6/1/17
to
For what it might be worth, here is a full list of all cipher suite codes.
https://testssl.sh/openssl-rfc.mapping.html
Which cipher actually selected depends on the security level (TLSv1,
TLSv1.2) and the capabilities of the client and server software used.
We support, regular (OK) RSA key exchange, DHE (better) (Diffie-Hellman)
RSA key exchange and ECDHE (best) (Elliptic Curve Diffie-Hellman) key
exchange. Also, RSA key sizes up to 4096 bits in both hardware and software.
BSI Ciphers Typically Used ...
<ECDHE-RSA-AES128-SHA256>
<ECDHE-RSA-AES256-SHA>
<ECDHE-RSA-AES128-SHA>
<ECDHE-RSA-DES-CBC3-SHA>
<DHE-RSA-AES256-SHA256>
<DHE-RSA-AES128-SHA256>
<DHE-RSA-AES256-SHA>
<DHE-RSA-AES128-SHA>
<EDH-RSA-DES-CBC3-SHA>
<AES256-SHA256>
<AES128-SHA256>
<AES256-SHA>
<AES128-SHA>
Now you know.
Regards,
Jeff
BSI Full Cipher list ...
<ECDHE-RSA-AES256-GCM-SHA384>
<ECDHE-ECDSA-AES256-GCM-SHA384>
<ECDHE-RSA-AES256-SHA>
<ECDHE-ECDSA-AES256-SHA>
<SRP-DSS-AES-256-CBC-SHA>
<SRP-RSA-AES-256-CBC-SHA>
<SRP-AES-256-CBC-SHA>
<DH-DSS-AES256-GCM-SHA384>
<DHE-DSS-AES256-GCM-SHA384>
<DH-RSA-AES256-GCM-SHA384>
<DHE-RSA-AES256-GCM-SHA384>
<DHE-RSA-AES256-SHA256>
<DHE-DSS-AES256-SHA256>
<DH-RSA-AES256-SHA256>
<DH-DSS-AES256-SHA256>
<DHE-RSA-AES256-SHA>
<DHE-DSS-AES256-SHA>
<DH-RSA-AES256-SHA>
<DH-DSS-AES256-SHA>
<ECDH-RSA-AES256-GCM-SHA384>
<ECDH-ECDSA-AES256-GCM-SHA384>
<ECDH-RSA-AES256-SHA>
<ECDH-ECDSA-AES256-SHA>
<AES256-GCM-SHA384>
<AES256-SHA256>
<AES256-SHA>
<PSK-AES256-CBC-SHA>
<ECDHE-RSA-AES128-GCM-SHA256>
<ECDHE-ECDSA-AES128-GCM-SHA256>
<ECDHE-RSA-AES128-SHA256>
<ECDHE-ECDSA-AES128-SHA256>
<ECDHE-RSA-AES128-SHA>
<ECDHE-ECDSA-AES128-SHA>
<SRP-DSS-AES-128-CBC-SHA>
<SRP-RSA-AES-128-CBC-SHA>
<SRP-AES-128-CBC-SHA>
<DH-DSS-AES128-GCM-SHA256>
<DHE-DSS-AES128-GCM-SHA256>
<DH-RSA-AES128-GCM-SHA256>
<DHE-RSA-AES128-GCM-SHA256>
<DHE-RSA-AES128-SHA256>
<DHE-DSS-AES128-SHA256>
<DH-RSA-AES128-SHA256>
<DH-DSS-AES128-SHA256>
<DHE-RSA-AES128-SHA>
<DHE-DSS-AES128-SHA>
<DH-RSA-AES128-SHA>
<DH-DSS-AES128-SHA>
<ECDH-RSA-AES128-GCM-SHA256>
<ECDH-ECDSA-AES128-GCM-SHA256>
<ECDH-RSA-AES128-SHA256>
<ECDH-ECDSA-AES128-SHA256>
<ECDH-RSA-AES128-SHA>
<ECDH-ECDSA-AES128-SHA>
<AES128-GCM-SHA256>
<AES128-SHA256>
<AES128-SHA>
<PSK-AES128-CBC-SHA>
<ECDHE-RSA-RC4-SHA>
<ECDHE-ECDSA-RC4-SHA>
<ECDH-RSA-RC4-SHA>
<ECDH-ECDSA-RC4-SHA>
<RC4-SHA>
<RC4-MD5>
<PSK-RC4-SHA>
<ECDHE-RSA-DES-CBC3-SHA>
<ECDHE-ECDSA-DES-CBC3-SHA>
<SRP-DSS-3DES-EDE-CBC-SHA>
<SRP-RSA-3DES-EDE-CBC-SHA>
<SRP-3DES-EDE-CBC-SHA>
<EDH-RSA-DES-CBC3-SHA>
<EDH-DSS-DES-CBC3-SHA>
<DH-RSA-DES-CBC3-SHA>
<DH-DSS-DES-CBC3-SHA>
<ECDH-RSA-DES-CBC3-SHA>
<ECDH-ECDSA-DES-CBC3-SHA>
<DES-CBC3-SHA>
<PSK-3DES-EDE-CBC-SHA>
https://testssl.sh/openssl-rfc.mapping.html
Which cipher actually selected depends on the security level (TLSv1,
TLSv1.2) and the capabilities of the client and server software used.
We support, regular (OK) RSA key exchange, DHE (better) (Diffie-Hellman)
RSA key exchange and ECDHE (best) (Elliptic Curve Diffie-Hellman) key
exchange. Also, RSA key sizes up to 4096 bits in both hardware and software.
BSI Ciphers Typically Used ...
<ECDHE-RSA-AES128-SHA256>
<ECDHE-RSA-AES256-SHA>
<ECDHE-RSA-AES128-SHA>
<ECDHE-RSA-DES-CBC3-SHA>
<DHE-RSA-AES256-SHA256>
<DHE-RSA-AES128-SHA256>
<DHE-RSA-AES256-SHA>
<DHE-RSA-AES128-SHA>
<EDH-RSA-DES-CBC3-SHA>
<AES256-SHA256>
<AES128-SHA256>
<AES256-SHA>
<AES128-SHA>
Now you know.
Regards,
Jeff
BSI Full Cipher list ...
<ECDHE-RSA-AES256-GCM-SHA384>
<ECDHE-ECDSA-AES256-GCM-SHA384>
<ECDHE-RSA-AES256-SHA>
<ECDHE-ECDSA-AES256-SHA>
<SRP-DSS-AES-256-CBC-SHA>
<SRP-RSA-AES-256-CBC-SHA>
<SRP-AES-256-CBC-SHA>
<DH-DSS-AES256-GCM-SHA384>
<DHE-DSS-AES256-GCM-SHA384>
<DH-RSA-AES256-GCM-SHA384>
<DHE-RSA-AES256-GCM-SHA384>
<DHE-RSA-AES256-SHA256>
<DHE-DSS-AES256-SHA256>
<DH-RSA-AES256-SHA256>
<DH-DSS-AES256-SHA256>
<DHE-RSA-AES256-SHA>
<DHE-DSS-AES256-SHA>
<DH-RSA-AES256-SHA>
<DH-DSS-AES256-SHA>
<ECDH-RSA-AES256-GCM-SHA384>
<ECDH-ECDSA-AES256-GCM-SHA384>
<ECDH-RSA-AES256-SHA>
<ECDH-ECDSA-AES256-SHA>
<AES256-GCM-SHA384>
<AES256-SHA256>
<AES256-SHA>
<PSK-AES256-CBC-SHA>
<ECDHE-RSA-AES128-GCM-SHA256>
<ECDHE-ECDSA-AES128-GCM-SHA256>
<ECDHE-RSA-AES128-SHA256>
<ECDHE-ECDSA-AES128-SHA256>
<ECDHE-RSA-AES128-SHA>
<ECDHE-ECDSA-AES128-SHA>
<SRP-DSS-AES-128-CBC-SHA>
<SRP-RSA-AES-128-CBC-SHA>
<SRP-AES-128-CBC-SHA>
<DH-DSS-AES128-GCM-SHA256>
<DHE-DSS-AES128-GCM-SHA256>
<DH-RSA-AES128-GCM-SHA256>
<DHE-RSA-AES128-GCM-SHA256>
<DHE-RSA-AES128-SHA256>
<DHE-DSS-AES128-SHA256>
<DH-RSA-AES128-SHA256>
<DH-DSS-AES128-SHA256>
<DHE-RSA-AES128-SHA>
<DHE-DSS-AES128-SHA>
<DH-RSA-AES128-SHA>
<DH-DSS-AES128-SHA>
<ECDH-RSA-AES128-GCM-SHA256>
<ECDH-ECDSA-AES128-GCM-SHA256>
<ECDH-RSA-AES128-SHA256>
<ECDH-ECDSA-AES128-SHA256>
<ECDH-RSA-AES128-SHA>
<ECDH-ECDSA-AES128-SHA>
<AES128-GCM-SHA256>
<AES128-SHA256>
<AES128-SHA>
<PSK-AES128-CBC-SHA>
<ECDHE-RSA-RC4-SHA>
<ECDHE-ECDSA-RC4-SHA>
<ECDH-RSA-RC4-SHA>
<ECDH-ECDSA-RC4-SHA>
<RC4-SHA>
<RC4-MD5>
<PSK-RC4-SHA>
<ECDHE-RSA-DES-CBC3-SHA>
<ECDHE-ECDSA-DES-CBC3-SHA>
<SRP-DSS-3DES-EDE-CBC-SHA>
<SRP-RSA-3DES-EDE-CBC-SHA>
<SRP-3DES-EDE-CBC-SHA>
<EDH-RSA-DES-CBC3-SHA>
<EDH-DSS-DES-CBC3-SHA>
<DH-RSA-DES-CBC3-SHA>
<DH-DSS-DES-CBC3-SHA>
<ECDH-RSA-DES-CBC3-SHA>
<ECDH-ECDSA-DES-CBC3-SHA>
<DES-CBC3-SHA>
<PSK-3DES-EDE-CBC-SHA>
0 new messages