Cipher support for SYSVIEW
Article ID: 415558
Updated On:
Products
SYSVIEW Performance Management
Issue/Introduction
Investigating the ciphers for SYSVIEW, need more details for this product.
- Does SYSVIEW product support AT-TLS?
- What security ciphers are supported and enabled in the product config, what is the order? and how to disable weak ciphers?
Environment
SYSVIEW 17.0 z/OS supported releases
Resolution
- Enable HTTPS Communication Using AT-TLS
Use AT-TLS to enable HTTPS communication.
To provide a secure connection, SYSVAPPS supports the IBM z/OS Communications Server TTLS feature as an Application Transparent Transport Layer Security (AT-TLS) basic application. SYSVAPPS is unaware of AT-TLS encrypted TCP/IP connection details. This article includes a scenario to set up a certificate, keyrings, and the policy statements for AT-TLS. - With the latest maintenance, SYSVAPPS supports the following ciphers by default:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Wanting to override that, the list can be updated by adding a server.ssl.ciphers property in application.yml
Needing to determine what is 'weak' from this list and if necessary, override the list by adding the above mentioned property.
Feedback
Yes
No
Powered by
