SSL_CIPHER_LIST Statement

The SSL_CIPHER_LIST statement restricts the cipher suites that a Linux, UNIX, or Windows client offers to a server during an SSL handshake to the specified list.
This statement is also used when establishing a secure TLS connection to an LDAP server for credentials checking, to handle situations where the LDAP server supports only a limited number of ciphers.
For example, you might specify AES256-SHA because it is a widely supported, strong cipher that can be used both for credentials checking by LDAP and for secure network connections.
Operating Systems: IBM i, Linux, UNIX, and Windows
Related Statements: SSL, SSL_ALLOW_SELFSIGNED, SSL_CONTEXT_METHOD, SSL_REQ_CLNT_CERT, SSL_REQ_SRVR_CERT, and SSL_TOLERATE_UNTRUSTED_ISSUER
Required: No
Syntax:
SSL_CIPHER_LIST=cipher_list
For the cipher_list variable, specify one or more OpenSSL cipher suite names, separated by commas.
The following table is a partial list of OpenSSL cipher suite names and the corresponding AT-TLS cipher suite names and hexadecimal values:

OpenSSL Cipher Suite Name    AT-TLS Cipher Suite Name             Hexadecimal Value
DHE-RSA-AES256-SHA           TLS_DHE_RSA_WITH_AES_256_CBC_SHA     39
DHE-DSS-AES256-SHA           TLS_DHE_DSS_WITH_AES_256_CBC_SHA     38
AES256-SHA                   TLS_RSA_WITH_AES_256_CBC_SHA         35
EDH-RSA-DES-CBC3-SHA         TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA    16
EDH-DSS-DES-CBC3-SHA         TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA    13
DES-CBC3-SHA                 TLS_RSA_WITH_3DES_EDE_CBC_SHA        0A
DHE-RSA-AES128-SHA           TLS_DHE_RSA_WITH_AES_128_CBC_SHA     33
DHE-DSS-AES128-SHA           TLS_DHE_DSS_WITH_AES_128_CBC_SHA     32
AES128-SHA                   TLS_RSA_WITH_AES_128_CBC_SHA         2F
For a complete list of the cipher suites that are available in the OpenSSL cryptographic library on your Linux, UNIX, or Windows client machine, run the REPORT_CIPHERS command of the PWXUSSL utility.
  • You might want to include the SSL_CIPHER_LIST statement in the DBMOVER file on the client machine for the following reasons:
    • To ensure that a Linux, UNIX, or Windows PowerExchange server never uses a weak cipher from a client machine.
    • To force the use of a preferred cipher from a Linux, UNIX, or Windows client machine rather than having to change a TTLSCipherParms configuration statement on the z/OS server machine.
    • To avoid the use of a Diffie-Hellman cipher on z/OS because of the slow connection time.
    • To force the use of a weaker cipher, or a cipher with hardware assistance on z/OS, for faster performance.
    • On IBM i, to specify ciphers by using four hexadecimal digits.
  • Configure the SSL_ALLOW_SELFSIGNED, SSL_CIPHER_LIST, or SSL_CONTEXT_METHOD statement only if a failure connecting to the LDAP server occurs.
  • On Windows, setting the trace filter TRACE=(SEC,9,99) causes low-level tracing in the Open LDAP client libraries, which can provide information about whether the connection to the LDAP server failed because of correctable errors, such as self-signed certificates, no ciphers shared between the client and server, or context method mismatches between the client and server.
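The following script is an added example; it is not part of the PowerExchange documentation or product. It reads a DBMOVER line in the SSL_CIPHER_LIST=cipher_list form described above, maps each OpenSSL name to its AT-TLS name and hexadecimal value using the partial table from this page, and records what a reviewer deciding between a "preferred" and a "weak" cipher would want to see: whether the suite has forward secrecy (the DHE key exchanges in the table do, the static RSA ones do not), whether it uses 3DES, and whether it needs a DSA certificate. It also asks the local OpenSSL build which names it can actually offer, a client-side version of the question the PWXUSSL REPORT_CIPHERS command answers. The four-digit IBM i value is an assumption: the script treats it as the full two-byte IANA code, i.e. the table's value with a leading 00 byte. The DBMOVER line in the `__main__` block is constructed for the demonstration.

```python
import ssl

# Partial mapping copied from the page's table:
# OpenSSL suite name -> (AT-TLS suite name, hexadecimal value)
CIPHER_TABLE = {
    "DHE-RSA-AES256-SHA":   ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA",  "39"),
    "DHE-DSS-AES256-SHA":   ("TLS_DHE_DSS_WITH_AES_256_CBC_SHA",  "38"),
    "AES256-SHA":           ("TLS_RSA_WITH_AES_256_CBC_SHA",      "35"),
    "EDH-RSA-DES-CBC3-SHA": ("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "16"),
    "EDH-DSS-DES-CBC3-SHA": ("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "13"),
    "DES-CBC3-SHA":         ("TLS_RSA_WITH_3DES_EDE_CBC_SHA",     "0A"),
    "DHE-RSA-AES128-SHA":   ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA",  "33"),
    "DHE-DSS-AES128-SHA":   ("TLS_DHE_DSS_WITH_AES_128_CBC_SHA",  "32"),
    "AES128-SHA":           ("TLS_RSA_WITH_AES_128_CBC_SHA",      "2F"),
}


def parse_cipher_list(statement):
    """Return the suite names from one 'SSL_CIPHER_LIST=a,b,c' DBMOVER line."""
    key, sep, value = statement.strip().partition("=")
    if sep != "=" or key.strip().upper() != "SSL_CIPHER_LIST":
        raise ValueError("not an SSL_CIPHER_LIST statement: %r" % statement)
    names = [n.strip() for n in value.split(",") if n.strip()]
    if not names:
        raise ValueError("cipher_list must name at least one suite")
    return names


def describe(name):
    """Map one OpenSSL name through the table and note what a reviewer should weigh."""
    entry = {"openssl": name, "attls": None, "hex": None, "ibm_i_hex": None,
             "forward_secrecy": None, "warnings": []}
    if name not in CIPHER_TABLE:
        entry["warnings"].append(
            "not in the page's partial table; confirm with PWXUSSL REPORT_CIPHERS")
        return entry
    attls, hexval = CIPHER_TABLE[name]
    entry["attls"] = attls
    entry["hex"] = hexval
    # Assumption: the four-digit IBM i form is the full two-byte IANA code,
    # i.e. the table's value with a leading 00 byte (0x00,0x35 for AES256-SHA).
    entry["ibm_i_hex"] = "00" + hexval
    # AT-TLS names read TLS_<key exchange>_WITH_<bulk cipher and MAC>
    kx, _, bulk = attls[len("TLS_"):].partition("_WITH_")
    entry["forward_secrecy"] = kx.startswith("DHE_")
    if not entry["forward_secrecy"]:
        entry["warnings"].append("static RSA key exchange: no forward secrecy")
    if "DSS" in kx:
        entry["warnings"].append("DHE_DSS: requires a DSA server certificate")
    if "3DES" in bulk:
        entry["warnings"].append("3DES bulk cipher: legacy, 112-bit effective strength")
    return entry


def review(statement):
    """Parse a statement and describe every suite it offers, in offer order."""
    return [describe(n) for n in parse_cipher_list(statement)]


def local_openssl_support(names):
    """Ask the local OpenSSL build which of the names it can actually offer.

    The answer depends on the OpenSSL version linked into this Python; older
    CBC and 3DES suites are often absent from current builds.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers("ALL:COMPLEMENTOFALL")  # enumerate everything this build has
    except ssl.SSLError:
        pass  # keep the default list if the build rejects the wide selector
    available = {c["name"] for c in ctx.get_ciphers()}
    return {n: n in available for n in names}


if __name__ == "__main__":
    # Constructed DBMOVER line, not taken from any real installation.
    line = "SSL_CIPHER_LIST=DHE-RSA-AES256-SHA,AES256-SHA,DES-CBC3-SHA"
    supported = local_openssl_support(parse_cipher_list(line))
    for e in review(line):
        print("%-22s %-36s hex=%s ibm_i=%s local_openssl=%s" % (
            e["openssl"], e["attls"], e["hex"], e["ibm_i_hex"], supported[e["openssl"]]))
        for w in e["warnings"]:
            print("    ! " + w)
```

Run it against the cipher list you intend to put in the client's DBMOVER file before deploying it. A name that the local OpenSSL build does not offer will never reach the server, so the handshake falls back to whatever remains in the list; the warnings show which of the remaining suites lack forward secrecy or rely on 3DES, which is the trade-off the "weaker cipher for faster performance" note above asks you to make deliberately.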
