Using lsciphers and setciphers to Set Cipher Suites

The lsciphers and setciphers options allow you to restrict the set of cipher suites that the SAP ASE server uses, giving control to the system security officer over the kinds of encryption algorithms that may be used by client connections to the server or outbound connections from the SAP ASE server. By default, the SAP ASE server uses an internally defined set of preferences for cipher suites.

sp_ssladmin setciphers sets cipher suite preferences to the given ordered list. This restricts the available SSL cipher suites to the specified set of “FIPS”, “Strong”, “Weak”, “All”, or a quoted list of cipher suites. This takes effect on the next listener started, and requires that you restart the SAP ASE server to ensure that all listeners use the new settings.

You can display any cipher suite preferences that have been set using sp_ssladmin lsciphers. If no preferences have been set, sp_ssladmin lsciphers returns 0 rows to indicate no preferences are set and the SAP ASE server uses its default (internal) preferences.

See Confidentiality of Data in the System Administration Guide for more information.