System i: Programming Secure Sockets APIs - IBM
System i: Programming Secure Sockets APIs - IBM
System i: Programming Secure Sockets APIs - IBM
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
2.<br />
v GSK_SESSION_TYPE set to GSK_CLIENT_SESSION.<br />
v GSK_KEYRING_LABEL set to use the default certificate from the certificate store file.<br />
v GSK_PROTOCOL_TLSV1 set to GSK_PROTOCOL_TLSV1_ON.<br />
v GSK_PROTOCOL_SSLV3 set to GSK_PROTOCOL_SSLV3_ON.<br />
v<br />
GSK_PROTOCOL_SSLV2 set to GSK_PROTOCOL_SSLV2_OFF.<br />
v GSK_V2_CIPHER_SPECS set to the default SSL Version 2 cipher suite list.<br />
v GSK_V3_CIPHER_SPECS set to the default SSL Version 3 cipher suite list.<br />
The default cipher suite list in preference order as shipped is as follows:<br />
v GSK_V3_CIPHER_SPECS set to SSL Version 3 or TLS Version 1 default ″2F0504350A.″<br />
v GSK_V2_CIPHER_SPECS set to ″137.″<br />
The current default cipher suite list can be different from the install time list due to changes made<br />
to the QSSLCSL (SSL cipher specification list) system value via the Change <strong>System</strong> Value<br />
(CHGSYSVAL) command. A cipher suite removed from the SSL cipher specification list will also be<br />
removed from the default cipher suite list shown here. The order of the cipher suites in QSSLCSL<br />
will be used to order the cipher suites in the default list. “gsk_attribute_get_buffer()—Get character<br />
information about a secure session or an SSL environment” on page 3 for<br />
GSK_V3_CIPHER_SPECS can be used to determine the current default cipher suite list<br />
configuration.<br />
See the usage notes in “gsk_attribute_set_buffer()—Set character information for a secure session or<br />
an SSL environment” on page 16 API for the format of the ciphers.<br />
3. The default values for GSK_PROTOCOL_TLSV1 and GSK_PROTOCOL_SSLV3 can be altered by<br />
changing the QSSLPCL (SSL protocols) system value via the Change <strong>System</strong> Value (CHGSYSVAL)<br />
command. When a protocol is removed from the SSL protocols system value it results in the protocol<br />
being set to off rather than on by default. “gsk_attribute_get_enum()—Get enumerated information<br />
about a secure session or an SSL environment” on page 10 for each of those values can be used to<br />
determine the current default protocols enabled.<br />
4. The Display <strong>System</strong> Value (DSPSYSVAL) command or the Retrieve <strong>System</strong> Values (QWCRSVAL) API<br />
can be used to determine the current settings of the supported ciphers and protocols for system SSL.<br />
5. Change <strong>System</strong> Value (CHGSYSVAL) allows an administrator to disable protocols or ciphers from<br />
being used by the GSKit <strong>APIs</strong>. For backwards compatibility, GSKit support will silently ignore<br />
attempts by applications to use disabled protocols or ciphers unless only disabled values are used.<br />
Related Information<br />
v “gsk_attribute_set_buffer()—Set character information for a secure session or an SSL environment” on<br />
page 16—Set character information for an secure session or a SSL environment<br />
v “gsk_attribute_set_enum()—Set enumerated information for a secure session or an SSL environment”<br />
on page 24—Set enumerated information for a secure session or an SSL environment<br />
v “gsk_attribute_set_numeric_value()—Set numeric information for a secure session or an SSL<br />
environment” on page 28—Set numeric information for a secure session or an SSL environment<br />
v “gsk_environment_close()—Close an SSL environment” on page 30—Close the SSL environment<br />
v “gsk_environment_init()—Initialize an SSL environment” on page 32—Initialize an SSL environment<br />
v “gsk_strerror()—Retrieve GSKit runtime error message” on page 62—Retrieve GSK runtime error<br />
message<br />
API introduced: V5R1<br />
36 <strong>System</strong> i: <strong>Programming</strong> <strong>Secure</strong> <strong>Sockets</strong> <strong>APIs</strong><br />
Top | UNIX-Type <strong>APIs</strong> | <strong>APIs</strong> by category