When using CA LDAP Server to establish an SSL (TLS) encryption tunnel, what cipherspec is used; i.e., what algorithm/strength for encipher/decipher, what signing/hash algorithm?

Article ID: 32093

Updated On:

Products

CA ACF2, CA ACF2 - DB2 Option, CA ACF2 for zVM, CA ACF2 - z/OS, CA ACF2 - MISC, CA PanApt, CA PanAudit

Issue/Introduction

Question:

When using CA LDAP Server to establish an SSL (TLS) encryption tunnel, what cipherspec is used; i.e., what algorithm/strength for encipher/decipher, or what signing/hash algorithm is used for the connection?

Answer:

SSL negotiates the cipher separately for each connection: the strongest cipher that both sides support is used. The negotiation takes place during the SSL handshake for each application that connects to the CA LDAP Server. The client application sends its list of supported ciphers, and the server compares that list with its own. The server then selects the strongest cipher common to both and returns it to the client as the one to use. To determine the cipher for a specific application, tracing of the SSL handshake would need to be enabled in the CA LDAP Server and the trace then reviewed.
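The selection described above, as an added example that is not part of the original article and is not CA LDAP Server code: it parses the cipher list from a constructed ClientHello, picks the strongest suite shared with a hypothetical server list, and splits the suite name into the key exchange, cipher and hash parts the question asks about. The suite IDs are real IANA values; the strength ranking, the server list and all function names are assumptions.

```python
import struct

# Real IANA suite ids; the strength rank (higher = stronger) is an assumption
# made for this example, not CA LDAP Server's actual ordering.
SUITES = {
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", 1),
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", 2),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", 3),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", 4),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", 5),
    0x009D: ("TLS_RSA_WITH_AES_256_GCM_SHA384", 6),
}

def build_client_hello(suite_ids):
    """Build a minimal, constructed TLS 1.2 ClientHello (no extensions)."""
    suites = b"".join(struct.pack("!H", s) for s in suite_ids)
    body = b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session id
    body += struct.pack("!H", len(suites)) + suites + b"\x01\x00"  # null compression
    return b"\x01" + len(body).to_bytes(3, "big") + body

def offered_suites(hello):
    """Return the cipher suite ids a ClientHello offers, in the client's order."""
    if len(hello) < 4 or hello[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    body = hello[4:4 + int.from_bytes(hello[1:4], "big")]
    if len(body) < 37:                            # version + random + lengths
        raise ValueError("truncated ClientHello")
    pos = 34                                      # skip version (2) and random (32)
    pos += 1 + body[pos]                          # skip session id
    (n,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if n % 2 or pos + n > len(body):
        raise ValueError("bad cipher_suites length")
    return [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, n, 2)]

def negotiate(hello, server_ids):
    """Strongest suite both sides support, or None (handshake would fail)."""
    common = [s for s in offered_suites(hello) if s in server_ids and s in SUITES]
    return max(common, key=lambda s: SUITES[s][1]) if common else None

def describe(suite_id):
    """Split a suite name into key exchange, cipher and hash (the PRF hash for GCM)."""
    name = SUITES[suite_id][0]
    kx, rest = name[len("TLS_"):].split("_WITH_")
    cipher, mac = rest.rsplit("_", 1)
    return {"key_exchange": kx, "cipher": cipher, "hash": mac}
```
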

 

Environment

Release:
Component: ACF2MS