There are many different algorithms which can be used for encrypting data, and for computing the message authentication code. Some provide the highest levels of security, but require a large amount of computation for encryption and decryption; others are less secure, but provide rapid encryption and decryption. The length of the key used for encryption affects the level of security - the longer the key, the more secure the data.

To allow users to select the level of security that suits their needs, and to enable communication with others who might have different security requirements, SSL defines cipher suites, or sets of ciphers. When an SSL connection is established, the client and server exchange information about which cipher suites they have in common. They then communicate using the common cipher suite that offers the highest level of security. If they do not have a cipher suite in common, then secure communication is not possible and CICS closes the connection.

Use the ENCRYPTION system initialization parameter to specify the level of encryption that CICS® should use. The default is STRONG, which means that CICS can use all of the available cipher suites to negotiate with clients. You can set a minimum as well as a maximum encryption level by editing the list of cipher suites in the CIPHERS attribute on the appropriate resource definition.

Cipher suite | Encryption algorithm | Key length | Digest | Key exchange |
---|---|---|---|---|
01 | No encryption | MD5 | None | |
02 | No encryption | SHA-1 | None | |
03 | RC4 | 40 bits | MD5 | RSA |
04 | RC4 | 128 bits | MD5 | RSA |
05 | RC4 | 128 bits | SHA-1 | RSA |
06 | RC2 | 40 bits | MD5 | RSA |
09 | DES | 56 bits | SHA-1 | RSA |
0A | 3DES | 168 bits | SHA-1 | Fixed Diffie-Hellman key exchange using DSS certificate |
0C | DES | 56 bits | SHA-1 | Fixed Diffie-Hellman key exchange using DSS certificate |
0D | 3DES | 168 bits | SHA-1 | Fixed Diffie-Hellman key exchange using DSS certificate |
0F | DES | 56 bits | SHA-1 | Fixed Diffie-Hellman key exchange using RSA certificate |
10 | 3DES | 168 bits | SHA-1 | Fixed Diffie-Hellman key exchange using RSA certificate |
12 | DES | 56 bits | SHA-1 | Ephemeral Diffie-Hellman key exchange using DSS certificate |
13 | 3DES | 168 bits | SHA-1 | Ephemeral Diffie-Hellman key exchange using DSS certificate |
15 | DES | 56 bits | SHA-1 | Ephemeral Diffie-Hellman key exchange using RSA certificate |
16 | 3DES | 168 bits | SHA-1 | Ephemeral Diffie-Hellman key exchange using RSA certificate |
2F | AES | 128 bits | SHA-1 | Fixed Diffie-Hellman key exchange using DSS certificate |
30 | AES | 128 bits | SHA-1 | Fixed Diffie-Hellman key exchange using DSS certificate |
31 | AES | 128 bits | SHA-1 | Fixed Diffie-Hellman key exchange using RSA certificate |
32 | AES | 128 bits | SHA-1 | Ephemeral Diffie-Hellman key exchange using DSS certificate |
33 | AES | 128 bits | SHA-1 | Ephemeral Diffie-Hellman key exchange using RSA certificate |
35 | AES | 256 bits | SHA-1 | RSA |
36 | AES | 256 bits | SHA-1 | Fixed Diffie-Hellman key exchange using DSS certificate |
37 | AES | 256 bits | SHA-1 | Fixed Diffie-Hellman key exchange using RSA certificate |
38 | AES | 256 bits | SHA-1 | Ephemeral Diffie-Hellman key exchange using DSS certificate |
39 | AES | 256 bits | SHA-1 | Ephemeral Diffie-Hellman key exchange using RSA certificate |
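
The following added example, which is not part of the original page or of CICS, applies a minimum encryption level to a CIPHERS value using the algorithm, key length and digest columns of the table above. It assumes the CIPHERS value is written as a run of the two-digit codes from the table; the 128-bit minimum and the MD5 rejection are assumed site policy, and the sample value is constructed.

```python
"""Audit a CIPHERS value against the cipher suite table on this page."""

# (code, algorithm, key bits, digest) transcribed from the table; "NULL" = no encryption.
_ROWS = [
    ("01", "NULL", 0, "MD5"), ("02", "NULL", 0, "SHA-1"),
    ("03", "RC4", 40, "MD5"), ("04", "RC4", 128, "MD5"),
    ("05", "RC4", 128, "SHA-1"), ("06", "RC2", 40, "MD5"),
]
_ROWS += [(c, "DES", 56, "SHA-1") for c in "09 0C 0F 12 15".split()]
_ROWS += [(c, "3DES", 168, "SHA-1") for c in "0A 0D 10 13 16".split()]
_ROWS += [(c, "AES", 128, "SHA-1") for c in "2F 30 31 32 33".split()]
_ROWS += [(c, "AES", 256, "SHA-1") for c in "35 36 37 38 39".split()]
SUITES = {code: (alg, bits, digest) for code, alg, bits, digest in _ROWS}


def parse_ciphers(value):
    """Split a CIPHERS string into two-digit codes, keeping the listed order."""
    value = value.strip().upper()
    if len(value) % 2:
        raise ValueError("CIPHERS must contain an even number of hex digits")
    return [value[i:i + 2] for i in range(0, len(value), 2)]


def audit(value, min_bits=128, banned_digests=("MD5",)):
    """Return (findings, kept): a reason per rejected code, and the filtered list."""
    findings, kept = {}, []
    for code in parse_ciphers(value):
        if code not in SUITES:
            findings[code] = "not in the table"
            continue
        alg, bits, digest = SUITES[code]
        if alg == "NULL":
            findings[code] = "no encryption"
        elif bits < min_bits:
            findings[code] = f"{alg} key is only {bits} bits"
        elif digest in banned_digests:
            findings[code] = f"{digest} digest"
        elif code not in kept:  # drop duplicates, keep first position
            kept.append(code)
    return findings, "".join(kept)


if __name__ == "__main__":
    # Constructed sample value, not taken from a real resource definition.
    findings, hardened = audit("0504352F0A0903060201")
    for code, reason in findings.items():
        print(f"{code}: {reason}")
    print("CIPHERS after policy:", hardened)
```
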
The terms used in this table are: