SSL is one of those things that just kind of depends.
Are you using scanning equipment to test your system which will actually
test for all those ciphers and flag you for ones deemed risky?
If so, are you doing that for both external and internal users?
Do you not care about the scanning equipment but you read all the tech
stuff and will flag it yourself?
What's more important to you? Data security or dinglefritz wanting access
with old versions of software on his Windows NT computer?
Are you even firing up the ports of concern for native IBM i or is it only
used by Domino or vendor software which may use it's own ciphers?
This changes whether or not QSSLCSL default values and QSSLCSLCTL set to
*OPSYS is acceptable to you.
One must keep in mind that IBM does not remove risky ciphers from QSSLCSL
at PTF time. Normally only at release boundaries. Therefore there may
already be some which might fail you on an audit.
Rob Berendt
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.