## Protocols

#### Info Pages

- [SSL API Error Codes and Messages](http://www.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzab6/ssltrouble.htm)
- [How to disable SSL versions](http://www-01.ibm.com/support/docview.wss?uid=nas8N1020384)
- [SSL Protocols by OS Version](http://www.ibm.com/support/knowledgecenter/ssw_ibm_i_72/rzain/rzaintls.htm)

### 7.3

- TLS 1.2
- TLS 1.1
- TLS 1.0
- SSL v3
- SSL v2

Note: SSLv2 cannot be used if TLSv1.2 is enabled on the system in the QSSLPCL system value

[More info](https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/rzain/rzainprotos.htm)

### 7.2

- TLS 1.2
- TLS 1.1
- TLS 1.0
- SSL v3
- SSL v2

Note: SSLv2 cannot be used if TLSv1.2 is supported

[More info](https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_72/rzain/rzainprotos.htm)

### 7.1

- TLS 1.2
- TLS 1.1
- TLS 1.0
- SSL v3
- SSL v2

Note: TLS 1.2 requires PTF SI48659 ([More info](http://www-01.ibm.com/support/docview.wss?uid=nas3SI48659))

Note: SSLv2 cannot be used if TLSv1.2 is supported

[More info](https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzain/rzainprotos.htm)

### 6.1

- TLS 1.0
- TLS 1.0 with SSL v3 compatibility
- SSL v3
- SSL v2
- SSL v3 with SSL v2 compatibility

Note: "Version x with Version y compatibility" means that it will first attempt to negotiate Version x, then attempt Version y if Version x fails. If Version y also fails, the SSL handshake will fail.

### V5R4

- TLS 1.0
- TLS 1.0 with SSL v3 compatibility
- SSL v3
- SSL v2
- SSL v3 with SSL v2 compatibility

Note: "Version x with Version y compatibility" means that it will first attempt to negotiate Version x, then attempt Version y if Version x fails. If Version y also fails, the SSL handshake will fail.

### *OPSYS Default Values

[IBM Reference](http://www-01.ibm.com/support/docview.wss?uid=nas8N1020876)

#### 7.3

- `*TLSV1.2`
- `*TLSV1.1`
- `*TLSV1`

#### 7.2

- `*TLSV1.2`
- `*TLSV1.1`
- `*TLSV1`

#### 7.1

- `*TLSV1`
- `*SSLV3`

#### 6.1

- `*TLSV1`
- `*SSLV3`

## Cipher Suites

### View Enabled Suites

`DSPSYSVAL SYSVAL(QSSLCSL)`

### PTFs that Disabled Cipher Suites

#### 7.3

**[MF62780](http://www-01.ibm.com/support/docview.wss?uid=nas3MF62780)** - Remove 3DES from System SSL/TLS default

#### 7.2

**[MF62778](http://www-01.ibm.com/support/docview.wss?uid=nas3MF62778)** - Remove 3DES from System SSL/TLS default

**[MF61243](http://www-01.ibm.com/support/docview.wss?uid=nas3MF61243)** - Remove RSA_MD5 from System SSL/TLS default

**[MF60333](http://www-01.ibm.com/support/docview.wss?uid=nas3MF60333)** - Remove SSLv3 and RC4 from System SSL default

#### 7.1

**[MF62779](http://www-01.ibm.com/support/docview.wss?uid=nas3MF62779)** - Remove 3DES from System SSL/TLS default

**[MF61242](http://www-01.ibm.com/support/docview.wss?uid=nas3MF61242)** - Remove RSA_MD5 from System SSL/TLS default

**[MF60335](http://www-01.ibm.com/support/docview.wss?uid=nas3MF60335)** - Remove SSLv3 and RC4 from System SSL default

#### 6.1/6.1.1

**[MF62786](http://www-01.ibm.com/support/docview.wss?uid=nas3MF62786)**/**[MF62785](http://www-01.ibm.com/support/docview.wss?uid=nas3MF62785)** - Remove 3DES from System SSL/TLS default

**[MF60331](http://www-01.ibm.com/support/docview.wss?uid=nas3MF60331)**/**[MF60338](http://www-01.ibm.com/support/docview.wss?uid=nas3MF60338)** - Remove SSLv3 and RC4 from System SSL default

### Using SST/SSLCONFIG to Re-Enable Cipher Suites

To change the System SSL settings with the Start System Service Tools (STRSST) command, follow these steps:

1. Open a character-based interface.
2. On the command line, type `STRSST`.
3. Type your service tools user name and password.
4. Select option 1 (Start a service tool).
5. Select option 4 (Display/Alter/Dump).
6. Select option 1 (Display/Alter storage).
7. Select option 2 (Licensed Internal Code (LIC) data).
8. Select option 14 (Advanced analysis).
9. Select option 1 (SSLCONFIG).
10. Enter `-h`.

This will show the help screen that describes the input strings to change the System SSL setting for `-eligibleDefaultProtocols` and `-eligibleDefaultCipherSuites`.