
When using CA LDAP Server to establish an SSL (TLS) encryption tunnel, what cipherspec is used; i.e., what algorithm/strength for encipher/decipher, what signing/hash algorithm?


Article ID: 32093


Products

ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC, PanApt, PanAudit

Issue/Introduction

Question:

When using CA LDAP Server to establish an SSL (TLS) encryption tunnel, what cipherspec is used; i.e., what algorithm/strength for encipher/decipher, or what signing/hash algorithm is used for the connection?

Answer:

In SSL, the strongest cipher that both sides support is used for that specific connection. The cipher is negotiated during the SSL handshake for each application that connects to the CA LDAP Server. During the handshake, the client application sends its list of supported ciphers, and the server compares that list with its own. The server then selects the strongest cipher common to both lists and returns it to the client as the one to use. To get an answer for a specific application, tracing of the SSL handshake would need to be enabled in the CA LDAP Server and the trace then reviewed.
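As an added example (not CA's code, and not the CA LDAP Server trace format, which this article does not show), the Python below reads the client's offered cipher suites and the server's selection from raw TLS ClientHello and ServerHello handshake messages, as they would appear in a packet capture with the record-layer header removed. The sample messages and function names are constructed for illustration; the suite code points are from the IANA TLS cipher suite registry.

```python
SUITES = {  # subset of the IANA TLS cipher suite registry
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
}

def _suites_offset(msg, msg_type):
    """Check the handshake header; return (body, offset just past session_id)."""
    if len(msg) < 4 or msg[0] != msg_type:
        raise ValueError("not the expected handshake message type")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length or length < 35:
        raise ValueError("truncated hello message")
    return body, 35 + body[34]  # version(2) + random(32) + length byte + session_id

def offered_suites(client_hello):
    """Cipher suite code points the client listed, in the order it sent them."""
    body, off = _suites_offset(client_hello, 1)  # 1 = ClientHello
    n = int.from_bytes(body[off:off + 2], "big")
    raw = body[off + 2:off + 2 + n]
    if len(raw) != n or n % 2:
        raise ValueError("bad cipher_suites vector")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def selected_suite(server_hello):
    """The single cipher suite code point the server chose."""
    body, off = _suites_offset(server_hello, 2)  # 2 = ServerHello
    if len(body) < off + 2:
        raise ValueError("truncated ServerHello")
    return int.from_bytes(body[off:off + 2], "big")

def breakdown(code):
    """Split a suite name into key exchange, cipher/strength and hash (MAC or PRF)."""
    name = SUITES.get(code)
    if name is None:
        return None
    kx, rest = name[len("TLS_"):].split("_WITH_")
    cipher, digest = rest.rsplit("_", 1)
    return {"name": name, "key_exchange": kx, "cipher": cipher, "hash": digest}

def _hello(msg_type, tail):  # builds the constructed sample messages below
    body = b"\x03\x03" + bytes(32) + b"\x00" + tail
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed samples: TLS 1.2 hellos, zeroed random, empty session_id.
CLIENT_HELLO = _hello(1, b"\x00\x06\x00\x9d\x00\x3d\x00\x2f" + b"\x01\x00")
SERVER_HELLO = _hello(2, b"\x00\x9d" + b"\x00")
```

Calling `breakdown(selected_suite(SERVER_HELLO))` on the sample yields the encryption algorithm and strength (`AES_256_GCM`) and the hash (`SHA384`) for that one connection, which is the per-application answer the article says must come from the handshake.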

 

Environment

Component: ACF2MS