Peter. Attls uses z/os System SSL component to implement SSL/TLS so the answer to your question should be in the z/OS Cryptographic Services System SSL programming manual. Although that document has a table containing a list of supported crypto methods I cannot see any mention of which ones can be used without ICSF.
However the following section implies that most algorithms are supported with ICSF but the Elliptic Curve algorithms are not. https://www.ibm.com/docs/en/zos/2.5.0?topic=ssl-overview-hardware-cryptographic-features-system Also if you want to make use of the performance improvements available with a crypto card configured as a crypto accelerator you need ICSF. I think historically SYSTEM SSL implemented the crypto algorithms itself but when ICSF came along it was changed to use ICSF if available. It was not necessary to implement Elliptic Curve algorithms because ICSF is used. BTW why would you not want to use ICSF? I think there has been some confusion in the past that ICSF requires crypto hardware but that is not the case. Keith Gooding > On 17 Jan 2025, at 20:22, Peter > <000005e4a8a0a03d-dmarc-requ...@listserv.ua.edu> wrote: > Hello > > If there is No ICSF running then what ciphersuites can be used in TTLS > policy ? > > Is there a default cipher which can be used in the TTLS policy? > > Can someone please point me in the right direction? > > Peter. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
