Not all IBM i secure connections are secure!
Check this link for IBM's list of weak protocols and weak cipher suites.
The QSSLCSL system value will tell you which ciphers are installed on your system.
NOTE! The secure sockets (SK) audit feature below is only available in 7.3 and above. The ability to view the SK records in Nav is only available from 7.5.
Welcome to QAUDJRN! The built-in security audit journal includes the capability to monitor and capture socket level data.
Enable *NETSECURE to your system value QAUDLVL (or QAUDLVL2 if you are already tracking a lot of security events). This will create Secure Sockets (SK) records in the audit journals. These records contain the data we need to monitor cipher usage.
The *NETSECURE options provides powerful insight into socket level connection data, including:
SK records will start to appear in the audit journal once this value is enabled. We'd love to show you what this looks like, but there's a bug in IBM i OS 7.5 that causes the audit journal to fail. We've beeb in touch with IBM about this and a fix is forthcoming as of Apr 18 2023.
Here is a listing of SK records in QAUDJRN in good old green screen:
And here is what an individual SK records looks like:
There are several more screens for this record. For the above screen, note the data points containing the protocol and cipher for the connection. In this case TLS1.3 with AES_128_GCM_SHA256.
Now that the data we need is in the journal, we just need to report on it to look for insecure connections. More on that soon.
Our iEventMonitor software includes a built-in watch for audit journal SK records. Please email firstname.lastname@example.org for more information.