Awesome! That was too easy. Now All I have to do is figure out what was displayed. The FM just identifies the message number as a response to a display.
GSK01009I Cryptographic status 024 Algorithm Hardware Software DES 56 56 3DES 168 168 AES -- 256 RC2 -- 128 RC4 -- 128 RSA Encrypt 1024 4096 RSA Sign 2048 4096 DSS -- 1024 Since I don't see 'anonymous', can I safely say that that algorithm is -not- present? And bet my job on that? (I am only half kidding.) -----Original Message----- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Patrick O'Keefe Sent: Wednesday, February 04, 2009 2:43 PM To: IBM-MAIN@bama.ua.edu Subject: Re: TLS Cipher Suites ..snip In addition to those manuals, you may want to crank up GSKSRVR and issue F GSKSRVR,DISPLAY CRYPTO This will show you what encryption and hashing algorithms are supported by System SSL in software and which, if any, are supported by hardware (crypto engines and CPACF instructions). You have to manually translate the algorithm names into cipher suite numbers (which means you need to get the name associated with each cipher suite number, but Google is your friend for that). Armed with that information you can give you tell your servers to preferentially pick cipher suites supported by hardware. Pat O'Keefe NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
