System i: Programming Secure Sockets APIs - IBM
System i: Programming Secure Sockets APIs - IBM
System i: Programming Secure Sockets APIs - IBM
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
v Use the system default cipher specification list if a previous SSL_Init_Application() API or<br />
SSL_Init() API was not done<br />
The caller specifies the preferred order of the cipher specifications. The cipher specification<br />
values, shown here not in preferred or strength order, are defined in as the following:<br />
Notes:<br />
C Constant Hex <strong>System</strong> Value<br />
TLS_RSA_WITH_NULL_MD5 0x0001 *RSA_NULL_MD5<br />
TLS_RSA_WITH_NULL_SHA 0x0002 *RSA_NULL_SHA<br />
TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 *RSA_EXPORT_RC4_40_MD5<br />
TLS_RSA_WITH_RC4_128_MD5 0x0004 *RSA_RC4_128_MD5<br />
TLS_RSA_WITH_RC4_128_SHA 0x0005 *RSA_RC4_128_SHA<br />
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 *RSA_EXPORT_RC2_CBC_40_MD5<br />
TLS_RSA_WITH_DES_CBC_SHA 0x0009 *RSA_DES_CBC_SHA<br />
TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000A *RSA_3DES_EDE_CBC_SHA<br />
TLS_RSA_WITH_AES_128_CBC_SHA 0x002F *RSA_AES_128_CBC_SHA (TLS Version 1 only)<br />
TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 *RSA_AES_256_CBC_SHA (TLS Version 1 only)<br />
TLS_RSA_WITH_RC2_CBC_128_MD5 0xFF01 *RSA_RC2_CBC_128_MD5 (SSL Version 2 only)<br />
TLS_RSA_WITH_DES_CBC_MD5 0xFF02 *RSA_DES_CBC_MD5 (SSL Version 2 only)<br />
TLS_RSA_WITH_3DES_EDE_CBC_MD5 0xFF03 *RSA_3DES_EDE_CBC_MD5 (SSL Version 2 only)<br />
1. The SSL_RSA_EXPORT_WITH_DES40_CBC_SHA cipher is not supported by i5/OS ®<br />
.<br />
2.<br />
The default cipher suite list in preference order when the operating system is installed is as<br />
follows:<br />
C Constant <strong>System</strong> Value<br />
TLS_RSA_WITH_AES_128_CBC_SHA *RSA_AES_128_CBC_SHA<br />
TLS_RSA_WITH_RC4_128_SHA *RSA_RC4_128_SHA<br />
TLS_RSA_WITH_RC4_128_MD5 *RSA_RC4_128_MD5<br />
TLS_RSA_WITH_AES_256_CBC_SHA *RSA_AES_256_CBC_SHA<br />
TLS_RSA_WITH_3DES_EDE_CBC_SHA *RSA_3DES_EDE_CBC_SHA<br />
3. The current default cipher suite list can be different from the install time list due to changes<br />
made to the QSSLCSL (SSL cipher specification list) system value via the Change <strong>System</strong><br />
Value (CHGSYSVAL) command. A cipher suite removed from the SSL cipher specification list<br />
will also be removed from the default cipher suite list shown here. The order of the cipher<br />
suites in QSSLCSL will be used to order the cipher suites in the default list.<br />
4. The Display <strong>System</strong> Value (DSPSYSVAL) command or the Retrieve <strong>System</strong> Values<br />
(QWCRSVAL) API can be used to determine the current setting of the supported ciphers<br />
(QSSLCSL) for system SSL.<br />
unsigned int cipherSuiteListLen (input)<br />
The number of cipher suite entries specified in the list pointed to by the cipherSuiteList<br />
parameter.<br />
unsigned int sessionType (output)<br />
The type registered for the application. The following values are returned in sessionType and are<br />
defined in .<br />
SSL_REGISTERED_AS_CLIENT 0<br />
SSL_REGISTERED_AS_SERVER 1<br />
SSL_REGISTERED_AS_SERVER_WITH_CLIENT_AUTH 2<br />
SSL_REGISTERED_AS_SERVER_WITH_OPTIONAL_CLIENT_AUTH 3<br />
SSL_REGISTERED_AS_NOT_SPECIFIED 99<br />
unsigned int reserved1 (input)<br />
This reserved field must be set to 0.<br />
86 <strong>System</strong> i: <strong>Programming</strong> <strong>Secure</strong> <strong>Sockets</strong> <strong>APIs</strong>