The system contains many components that use SSL/TLS, both as clients and servers. The requirement to use only strong SSL/TLS ciphers applies to both.
OpenSSL and Java SSL on IBM Spectrum Virtualize are configured to provide unlimited strength encryption. However, before release 7.6.0.0, IBM Spectrum VirtualizeJava SSL was in its default configuration, which supports only up to 128-bit encryption.
Security level | Description | Minimum security allowed |
---|---|---|
1 | Sets the system to disallow SSL version 3.0. | TLS 1.0 |
2 | Sets the system to disallow SSL version 3.0, TLS version 1.0, and TLS version 1.1. | TLS 1.2 |
3 | Sets the system to disallow SSL version 3.0, TLS version 1.0, and TLS version 1.1 and to allow cipher suites that are exclusive to TLS version 1.2. | TLS 1.2 |
4 | Sets the system to disallow SSL version 3.0, TLS version 1.0, and TLS version 1.1 and to allow cipher suites that are exclusive to TLS version 1.2. Sets the system to disallow RSA key exchange ciphers, RSA ciphers for SSH. | TLS 1.2 |
To learn more about the SSL/TLS security levels and the list of ciphers that are supported by each security level, see Security levels and supported security ciphers.