My post Using z/OS LDAP with TLS 1.3 <https://colinpaice.blog/2021/11/03/using-z-os-ldap-with-tls-1-3/>may give you a few clues. It talks about removing cipher specs you do not want to use.
Search for .GSK_V2_CIPHER_SPECS in the GSK doc (SC14-7495-50) below. There is a list of cipher specs in Appendix C. Cipher suite definitions in SC14-7495-50 (Cryptographic Services System Secure Sockets Layer Programming) Colin On Thu, 21 Jul 2022 at 13:21, Gilson Cesar de Oliveira <gil...@gmail.com> wrote: > Hi Timothy, > > Many thanks for your help. > In the second URL there is an information about how to setup > TLSV1.2 > but we also need to restrict the ciphers to the ones our customer would > like > to have enabled. > I´m still looking for on how to restrict the ciphers. > If you have further informations on how to do it, I really > appreciate that. > > Regards, > > Gilson > > -----Original Message----- > From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf > Of > Timothy Sipples > Sent: quinta-feira, 21 de julho de 2022 02:15 > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: IWS Agent for z/OS - SSL Configuration > > Gilson, > > Does the information here help? > > 1. > > https://www.ibm.com/docs/en/workload-automation/10.1.0?topic=ssae-enabling-f > ips-compliance-over-z-workload-scheduler-server-ssl-secured-connection > <https://www.ibm.com/docs/en/workload-automation/10.1.0?topic=ssae-enabling-fips-compliance-over-z-workload-scheduler-server-ssl-secured-connection> > 2. > > https://www.ibm.com/docs/en/workload-automation/10.1.0?topic=server-configur > ing-tls-connect-z-workload-scheduler#configTLS > <https://www.ibm.com/docs/en/workload-automation/10.1.0?topic=server-configuring-tls-connect-z-workload-scheduler#configTLS> > > — — — — — > Timothy Sipples > Senior Architect > Digital Assets, Industry Solutions, and Cybersecurity IBM > zSystems/LinuxONE, > Asia-Pacific sipp...@sg.ibm.com > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
