Great tip!! Thanks. I can use that even though I'm using only RACF?
-----Original Message----- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Patrick O'Keefe Sent: Wednesday, February 04, 2009 2:43 PM To: IBM-MAIN@bama.ua.edu Subject: Re: TLS Cipher Suites ..snip In addition to those manuals, you may want to crank up GSKSRVR and issue F GSKSRVR,DISPLAY CRYPTO This will show you what encryption and hashing algorithms are supported by System SSL in software and which, if any, are supported by hardware (crypto engines and CPACF instructions). You have to manually translate the algorithm names into cipher suite numbers (which means you need to get the name associated with each cipher suite number, but Google is your friend for that). Armed with that information you can give you tell your servers to preferentially pick cipher suites supported by hardware. Pat O'Keefe NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html