How Does TLS Cipher Suite Selection Affect z/OS Performance?
Project and Program:
Communications Server,
Service Delivery,
Network Security & Management
Tags:
Proceedings,
SHARE Kansas City 2024
As a z/OS network security administrator you've been asked to increase the
security level of your TLS definitions. But when you switched your TLS_
RSA_WITH_AES_256_GCM_SHA384 cipher suite to TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
your CPU consumption went through the roof! So what does it mean to move from
RSA key exchange to DHE? Or ECDHE? And what about ECDSA certificates vs. RSA?
This session will dive deep into a handful of some of the more popular cipher
suites to explore how the suites differ in behavior and how IBM Z hardware
crypto capabilities are (or are not) utilized to optimize performance.
Back to Proceedings File Library