On Wed, 28 Jan 2009 15:50:03 -0600, Hal Merritt <hmerr...@jackhenry.com> wrote:
>Thanks all! > >Do we know if there were any anonymous ciphers supported in z/os 1.7? In System SSL, no. By the way, I did a bit of Java research. The IBM Java SSL support (in IBMJSSE and IBMJSSE2) has a page at http://www.ibm.com/developerworks/java/jdk/security/60/secguides/jsse2Docs/JSSE2RefGuide.html#AppA or http://preview.tinyurl.com/bo8bgu (and then navigate to Appendix A) that lists the supported cipher suites. It does list the anonymous suites, but has a footnote: *Although anonymous cipher suites are enabled, the IBMJSSE2 TrustManager does not allow anonymous cipher suites. The default implementation can be overridden by providing your own TrustManager that allows anonymous cipher suites. See Accepting Anonymous Cipher Suites for information about creating your own X509TrustManager. And I also looked at some Websphere Application Server (WAS) doc, which does not include the anonymous ciphers in the list of supported suites. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html