SSL cipher specifications
When an SSL connection is established, the client (web browser) and the web server negotiate the cipher to use for the connection. The web server has an ordered list of ciphers, and the first cipher in the list that is supported by the client is selected.
Introduction
View the list of current SSL ciphers.

Attention: This list of ciphers could change as a result of updates to industry standards. You can determine the list of ciphers supported in a particular version of IBM HTTP Server by configuring it to load mod_ibm_ssl and running bin/apachectl -t -f path/to/httpd.conf -DDUMP_SSL_CIPHERS.

The SSLFIPSEnable directive enables Federal Information Processing Standards (FIPS) mode. When SSLFIPSEnable is set, the set of available ciphers is restricted to those marked in the FIPS column of the tables on this page, and SSLv2, SSLv3, TLSv11 and TLSv12 are all disabled. Only TLSv10 is enabled for FIPS compliance.
Avoid trouble:
- Enable ciphers by their "long name".
- Ciphers containing "ECDHE_RSA" in their name use a standard RSA certificate and can coexist with older RSA ciphers and clients.
- Ciphers containing "ECDHE_ECDSA" in their name require an ECC (Elliptic Curve Cryptography) certificate and key to be created (with gskcapicmd if you are running on a distributed platform, or gskkyman if you are running on z/OS®).
- On z/OS, several criteria must be met to use "ECDHE" ciphers:
  - z/OS V1R13 with OA39422, or later, is required to use TLSv1.2 on z/OS.
  - ICSF must be available to use ECC or AES-GCM ciphers. See RACF® CSFSERV Resource Requirements in the z/OS Cryptographic Services System SSL Programming for more information.
Attention: TLS v1.1 and v1.2 are available on the z/OS operating system on version V1R13 with OA39422, or later.
For transitioning users: To improve security, IBM HTTP Server Version 9.0 disables weak SSL ciphers, export SSL ciphers, and the SSL Version 2 and Version 3 protocols by default. SSL Version 2, weak ciphers, and export ciphers are generally unsuitable for production SSL workloads on the internet and are flagged by security scanners. To enable ciphers, use the SSLCipherSpec directive.
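The server-preference negotiation described at the top of this page and the cipher classes it calls unsuitable (weak, export, NULL, plus 3DES) can be checked mechanically before a configuration goes live. The following Python is an added example, not IBM HTTP Server code: the cipher table subset is copied from this page, the httpd.conf fragment is constructed for the example, and the SSLCipherSpec form it parses (an optional protocol keyword followed by an optionally signed cipher name) is an assumption about the directive's syntax, not something this page documents.

```python
"""Cipher-spec audit helpers: negotiation, weak-cipher classification and an
httpd.conf SSLCipherSpec linter (added example, not IBM HTTP Server code)."""
import re

# Constructed subset of the cipher table on this page: long name -> (key bits, FIPS).
CIPHER_TABLE = {
    "TLS_AES_128_GCM_SHA256": (128, True),
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": (128, True),
    "TLS_RSA_WITH_AES_128_CBC_SHA": (128, True),
    "TLS_ECDHE_RSA_WITH_NULL_SHA": (0, True),
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA": (168, True),
    "SSL_RSA_WITH_RC4_128_SHA": (128, False),
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5": (40, False),
    "SSL_RSA_WITH_NULL_MD5": (0, False),
}

# Cipher classes the page calls unsuitable for production (weak, export, NULL)
# plus 3DES, which IBM HTTP Server 9.0.0.6 and later disables by default.
WEAK_PATTERNS = [
    (re.compile(r"_NULL_"), "NULL encryption or NULL integrity"),
    (re.compile(r"_EXPORT"), "export-grade key length"),
    (re.compile(r"_RC4_"), "RC4 stream cipher"),
    (re.compile(r"_RC2_"), "RC2 block cipher"),
    (re.compile(r"_DES_(64_)?CBC"), "single DES (56-bit key)"),
    (re.compile(r"3DES|EDE3"), "3DES (disabled by default since 9.0.0.6)"),
    (re.compile(r"_MD5$"), "MD5 integrity"),
]
SHORT_NAME = re.compile(r"^[0-9A-F]{2,4}b?$", re.I)  # e.g. 3A, C02F, 35b
# Assumed directive form (not documented on this page): SSLCipherSpec [protocol] [+|-]cipher
SPEC_RE = re.compile(
    r"^\s*SSLCipherSpec\s+(?:(ALL|SSLv2|SSLv3|TLSv1[0123])\s+)?([+-]?)(\S+)\s*$", re.I)


def weaknesses(name):
    """Reasons a long cipher name should not be enabled on an internet-facing server."""
    reasons = [why for pat, why in WEAK_PATTERNS if pat.search(name)]
    bits = CIPHER_TABLE.get(name, (None, None))[0]
    if not reasons and bits is not None and bits < 112:
        reasons.append(f"{bits}-bit key")
    return reasons


def negotiate(server_order, client_offer):
    """Server-preference selection as the page describes: the first cipher in the
    server's ordered list that the client also supports wins, whatever the client prefers."""
    offered = set(client_offer)
    for name in server_order:
        if name in offered:
            return name
    return None  # no cipher in common: the handshake fails


def lint_cipherspec(conf_text):
    """Return (line number, cipher, message) for every risky SSLCipherSpec line."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = SPEC_RE.match(line)
        if not m:
            continue
        proto, sign, name = m.groups()
        if sign == "-":
            continue  # an explicit removal can only tighten the configuration
        if SHORT_NAME.match(name):
            findings.append((lineno, name, "short name: enable ciphers by their long name"))
            continue
        if proto and proto.upper() in ("SSLV2", "SSLV3"):
            findings.append((lineno, name, f"enables a cipher for {proto}, which is disabled by default"))
        for why in weaknesses(name):
            findings.append((lineno, name, why))
    return findings


# Constructed httpd.conf fragment for the example (not from the page).
SAMPLE_CONF = """\
# constructed fragment
SSLEnable
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec TLSv12 TLS_RSA_WITH_AES_128_CBC_SHA
SSLCipherSpec ALL -SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSLCipherSpec SSLv3 SSL_RSA_WITH_RC4_128_SHA
SSLCipherSpec 3A
"""

if __name__ == "__main__":
    for finding in lint_cipherspec(SAMPLE_CONF):
        print("line %d: %s: %s" % finding)
    chosen = negotiate(
        ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA"],
        ["SSL_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
    )
    print("negotiated:", chosen)
```

The negotiation helper is the point of the first paragraph on this page: the client's own preference (RC4 first, in the sample offer) is irrelevant, so the quality of the connection is decided by the order and content of the server's list, which is exactly what the linter audits.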
SSL and TLS ciphers
Attention: Note the following SSL and TLS cipher values:
Important: ECDHE ciphers are enabled by default for TLSv1.2, except on z/OS platforms (denoted with d*).
Important: 3DES ciphers are disabled by default on IBM HTTP Server versions 9.0.0.6 and later.

Legend: Y = supported by that protocol but not enabled by default; d = supported and enabled by default. An asterisk marks the ECDHE ciphers, which on z/OS are subject to the requirements listed above. The weaker ciphers that are not enabled by default are listed in the second table.

| Short name | Long name | Key size (bits) | FIPS | SSLV2 | SSLV3 | TLSv10 | TLSv11 | TLSv12 | TLSv13 |
|---|---|---|---|---|---|---|---|---|---|
| 1301 | TLS_AES_128_GCM_SHA256 | 128 | Y | - | - | - | - | - | |
| 1302 | TLS_AES_256_GCM_SHA384 | 256 | Y | - | - | - | - | - | |
| 1303 | TLS_CHACHA20_POLY1305_SHA256 | 256 | - | - | - | - | - | - | |
| 1304 | TLS_AES_128_CCM_SHA256 | 128 | Y | - | - | - | - | - | |
| 1305 | TLS_AES_128_CCM_8_SHA256 | 128 | Y | - | - | - | - | - | |
| 9C | TLS_RSA_WITH_AES_128_GCM_SHA256 | 128 | Y | - | - | - | - | d | |
| 9D | TLS_RSA_WITH_AES_256_GCM_SHA384 | 256 | Y | - | - | - | - | d | |
| 3C | TLS_RSA_WITH_AES_128_CBC_SHA256 | 128 | Y | - | - | - | - | d | |
| 3D | TLS_RSA_WITH_AES_256_CBC_SHA256 | 256 | Y | - | - | - | - | d | |
| 2F | TLS_RSA_WITH_AES_128_CBC_SHA | 128 | Y | - | Y | d | d | d | |
| 35b | TLS_RSA_WITH_AES_256_CBC_SHA | 256 | Y | - | Y | d | d | d | |
| C009 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | 128 | Y | - | - | - | - | d* | |
| C00A | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | 256 | Y | - | - | - | - | d* | |
| C010 | TLS_ECDHE_RSA_WITH_NULL_SHA | 0 | Y | - | - | - | - | Y* | |
| C013 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | 128 | Y | - | - | - | - | d* | |
| C014 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | 256 | Y | - | - | - | - | d* | |
| C023 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | 128 | Y | - | - | - | - | d* | |
| C024 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | 256 | Y | - | - | - | - | d* | |
| C027 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | 128 | Y | - | - | - | - | d* | |
| C028 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | 256 | Y | - | - | - | - | d* | |
| C02B | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | 128 | Y | - | - | - | - | d* | |
| C02C | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | 256 | Y | - | - | - | - | d* | |
| C02F | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | 128 | Y | - | - | - | - | d* | |
| C030 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | 256 | Y | - | - | - | - | d* | |

Weaker ciphers, not enabled by default:

| Short name | Long name | Key size (bits) | FIPS | SSLV2 | SSLV3 | TLSv10 | TLSv11 | TLSv12 |
|---|---|---|---|---|---|---|---|---|
| C008 | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | 168 | Y | - | - | - | - | Y* |
| C012 | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | 168 | Y | - | - | - | - | Y* |
| 3A | SSL_RSA_WITH_3DES_EDE_CBC_SHA | 168 | Y | - | Y | Y | Y | Y |
| C007 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | 128 | Y | - | - | - | - | Y* |
| C011 | TLS_ECDHE_RSA_WITH_RC4_128_SHA | 128 | Y | - | - | - | - | Y* |
| 35 | SSL_RSA_WITH_RC4_128_SHA | 128 | - | - | Y | Y | Y | Y |
| 34 | SSL_RSA_WITH_RC4_128_MD5 | 128 | - | - | Y | Y | Y | - |
| 39 | SSL_RSA_WITH_DES_CBC_SHA | 56 | - | - | Y | Y | Y | - |
| 33 | SSL_RSA_EXPORT_WITH_RC4_40_MD5 | 40 | - | - | Y | Y | - | - |
| 36 | SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | 40 | - | - | Y | Y | - | - |
| 62 | TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA | 56 | - | - | Y | Y | - | - |
| 64 | TLS_RSA_EXPORT1024_WITH_RC4_56_SHA | 56 | - | - | Y | Y | - | - |
| 32 | SSL_RSA_WITH_NULL_SHA | 0 | - | - | Y | Y | Y | Y |
| 31 | SSL_RSA_WITH_NULL_MD5 | 0 | - | - | Y | Y | Y | - |
| 3B | TLS_RSA_WITH_NULL_SHA256 | 0 | Y | - | - | - | - | Y |
| 30 | SSL_NULL_WITH_NULL_NULL | 0 | - | - | Y | Y | Y | Y |
| 27 | SSL_DES_192_EDE3_CBC_WITH_MD5 | 168 | - | Y | - | - | - | - |
| 21 | SSL_RC4_128_WITH_MD5 | 128 | - | Y | - | - | - | - |
| 23 | SSL_RC2_CBC_128_CBC_WITH_MD5 | 128 | - | Y | - | - | - | - |
| 26 | SSL_DES_64_CBC_WITH_MD5 | 56 | - | Y | - | - | - | - |
| 24 | SSL_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 | 40 | - | Y | - | - | - | - |
| 22 | SSL_RC4_128_EXPORT40_WITH_MD5 | 40 | - | Y | - | - | - | - |
| FE | SSL_RSA_FIPS_WITH_DES_CBC_SHA | 56 | - | - | - | - | - | - |
| FF | SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA | 168 | - | - | - | - | - | - |