Encryption Choices
Use this panel to customize cryptographic algorithms. FTP
uses the encryption services of SSL or TLS
to protect data. Your z/OS system SSL/TLS provides a defined set of encryption and
data authentication algorithms we refer to as ciphers. The
encryption algorithm scrambles the data so that it cannot be interpreted.
The data authentication algorithm ensures that the data is delivered completely without alteration.
Before you begin, make some decisions about security.
- If you want to use defaults, select "I want to use the defaults".
When using the defaults, the system SSL/TLS services determine the cipher algorithms that are installed
and available on your system. These are used to negotiate the level of cipher for each connection
with the client. System SSL/TLS services has a set priority order it uses when negotiating with the client,
which is:
- RC4 (128-bit) encryption, SHA authentication
- RC4 (128-bit) encryption, MD5 authentication
- Triple DES encryption, SHA authentication
- RC4 (40-bit) encryption, MD5 authentication
- RC2 (40-bit) encryption, MD5 authentication
- DES encryption, SHA authentication
- No encryption, SHA authentication
- No encryption, MD5 authentication
- If you want to select which ciphers, select "I want to select which algorithms to use".
Steps
- Click the button that describes what you want to do (use the defaults,
or select which algorithms).
- If you select that you want to specify algorithms, specify if this system
is subject to export regulations.
- Click the "Add..." button to select which ciphers you want FTP to use. Repeat until you have added all the cipher
choices you desire.
- The order of the ciphers is important. FTP will attempt to use the top entry in the cipher list first.
If it is not available
or not supported by its session partner, FTP will attempt to use the next one in the list. Therefore, use the "Move Up" and
Move Down" buttons to ensure the ciphers are in priority order.
You have completed this panel after you have:
-
made a decision about using ciphers and defaults, and
-
if you want to use encryption:
-
specifying your export regulations requirements and
-
the specific ciphers to enable
You can find more detailed help on the following elements of this window:
Is this system subject to export regulations?
Cipher choices listed in preferred order.
Radio Buttons
Click I want to use the defaults to use defaults.
Click I want to select which algorithms to use to indicate you will be selecting particular algorithms to use.
Click Yes to indicate your system is subject to export regulations.
Click No to indicate your system is not subject to export regulations.
Push buttons
Click Add... to add a cipher to the list.
Click Remove... to remove the selected cipher from the list.
Click Move Up to move the selected cipher up one position.
Click Move Down to move the selected cipher down one position.
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.