Update TSO to include support for ciphers that enable Forward Secrecy and 2-way SSL ciphers
After much back and forth with BMC Support and Engineering, it has been determined that the current versions of TSO do not support many of the newer encryption ciphers. The default installations still use CBC_SHA and "anon" ciphers! There is currently no support for Ephemeral Diffie-Hellman Elliptic Curve ciphers. TLS v1.3 is already here. Widespread adoption has not started, but it will get more and more visibility as the next generation of SSL security comes about.
The newest ciphers that are currently supported are:
ciphers="TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_DH_RSA_WITH_AES_128_GCM_SHA256,
TLS_DH_RSA_WITH_AES_256_GCM_SHA384"
Support needs to be added for stronger ciphers for encrypted transmission. As security becomes more and more paramount in applications and SSL requirements continue to increase and evolve, support needs to be added to the base infrastructure to include and enable these newer ciphers.
Please pass this along to your colleagues and teammates so that this idea can gain some visibility within BMC's product management teams.
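Added example, not part of the original post and not BMC code: a small Python audit that reads a ciphers="..." attribute and flags suites without forward secrecy, "anon" suites, and CBC suites. It shows that the TLS_DH_RSA entries in the list above use static Diffie-Hellman and therefore give no forward secrecy. The last two suites in SAMPLE and all function names are assumptions made for the illustration.

```python
import re

# Constructed sample: the ciphers attribute quoted in the post, followed by two
# suites of the kinds the post says default installs still use (CBC_SHA, anon).
SAMPLE = '''ciphers="TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_DH_RSA_WITH_AES_128_GCM_SHA256,
TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DH_anon_WITH_AES_128_CBC_SHA"'''

# IANA-style TLS 1.2 name: TLS_<key exchange/auth>_WITH_<cipher and hash>
SUITE_RE = re.compile(r"^TLS_([A-Za-z0-9_]+?)_WITH_([A-Za-z0-9_]+)$")

def parse_ciphers(attr):
    """Extract suite names from a ciphers="a,b,..." attribute, tolerating line breaks."""
    m = re.search(r'ciphers\s*=\s*"([^"]*)"', attr)
    if not m:
        raise ValueError("no ciphers attribute found")
    return [s.strip() for s in m.group(1).split(",") if s.strip()]

def classify(suite):
    """Return the list of weaknesses found in one suite name (empty list = none)."""
    m = SUITE_RE.match(suite)
    if not m:
        return ["unrecognized name"]  # typo or a naming scheme this check does not cover
    kx, cipher = m.group(1).split("_"), m.group(2).split("_")
    issues = []
    if "anon" in kx:
        issues.append("unauthenticated (anon)")
    if kx[0] not in ("DHE", "ECDHE"):  # static DH/ECDH and RSA key transport
        issues.append("no forward secrecy")
    if "CBC" in cipher:
        issues.append("CBC mode")
    elif not {"GCM", "CCM", "POLY1305"} & set(cipher):
        issues.append("non-AEAD cipher")
    return issues

def audit(attr):
    """Map each configured suite to its weaknesses, in configuration order."""
    return [(s, classify(s)) for s in parse_ciphers(attr)]

if __name__ == "__main__":
    for suite, issues in audit(SAMPLE):
        print(f"{suite:45} {', '.join(issues) or 'ok'}")
```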