On initial startup, before any cipher suite preferences have been set, no preferences are shown by sp_ssladmin lscipher.
1> sp_ssladmin lscipher 2> go
Output:
Cipher Suite Name Preference ----------------- ---------- (0 rows affected) (return status = 0)
The following example specifies the set of cipher suites that use FIPS algorithms.
1> sp_ssladmin setcipher, 'FIPS'
The following cipher suites and order of preference are set for SSL connections:Cipher Suite Name Preference ---------------------------------------------------------------- ----------- TLS_RSA_WITH_AES_256_CBC_SHA 1 TLS_RSA_WITH_AES_128_CBC_SHA 2 TLS_RSA_WITH_3DES_EDE_CBC_SHA 3 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 4 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 5 TLS_RSA_WITH_DES_CBC_SHA 6 TLS_DHE_DSS_WITH_DES_CBC_SHA 7 TLS_DHE_RSA_WITH_DES_CBC_SHA 8 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 9 TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 10
A preference of 0 (zero) sp_ssladmin output indicates a cipher suite is not used by Adaptive Server. The other, non-zero numbers, indicate the preference order that Adaptive Server uses the algorithm during the SSL handshake. The client side of the SSL handshake chooses one of these cipher suites that matches its list of accepted cipher suites.
This example uses a quoted list of cipher suites to set preferences in Adaptive Server:
1> sp_ssladmin setcipher, 'TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA' 2> go
The following cipher suites and order of preference are set for SSL connections: Cipher Suite Name Preference ---------------------------------------------------------------- ----------- TLS_RSA_WITH_AES_128_CBC_SHA 1 TLS_RSA_WITH_AES_256_CBC_SHA 2
