On Wed, 4 Feb 2009 11:13:03 -0600, Walt Farrell <wfarr...@us.ibm.com> wrote:
>... >Assuming you have an application that is using the System SSL function of >z/OS (or the Application Transparent TLS function of z/OS Communications >Server, which uses System SSL): > >(a) z/OS R7: >http://publibz.boulder.ibm.com/cgi- bin/bookmgr_OS390/BOOKS/gska1a30/6.12? SHELF=EZ2ZO10G&DT=20040714151143 >or http://preview.tinyurl.com/bu7tmy > >(b) z/OS R9: >http://publibz.boulder.ibm.com/cgi- bin/bookmgr_OS390/BOOKS/GSKA1A50/6.12? SHELF=EZ2ZO10K&DT=20070508220341 >or http://preview.tinyurl.com/bt4fy8 >... In addition to those manuals, you may want to crank up GSKSRVR and issue F GSKSRVR,DISPLAY CRYPTO This will show you what encryption and hashing algorithms are supported by System SSL in software and which, if any, are supported by hardware (crypto engines and CPACF instructions). You have to manually translate the algorithm names into cipher suite numbers (which means you need to get the name associated with each cipher suite number, but Google is your friend for that). Armed with that information you can give you tell your servers to preferentially pick cipher suites supported by hardware. Pat O'Keefe ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
