Elliptic Curve Diffie-Hellman Ephemeral, Elliptic Curve Certificate, are good... eg
C02C TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384C030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384But with the recent announcement from IBM about quantum computing, and how it will make breaking prime number based encryption easy, it looks like RSA should not be used.I see that Lattice based encryption is available to ICSF on z/16 - but I cannot find this in openssl or in GSKIT.So given we want to connect z/OS, Windows and Linux systems together, is there a simple guide to help users decide what to use. Is there an industry direction?Is the following valid?
You can create certificates with certificate types of RSA or Digital Signature Algorithm(DSA), Elliptic Curve (and DSA).
I recommend having an Elliptic Curve (+DSA) certificate as the server certificate because it is stronger and better than the others.
This means using cipher specs like TLS_…_ECDSA_WITH….
This means use cipher suites
This is the information after the WITH_
AES is better than DES or 3DES.
Use cipher suite
GCM is better than CCM which is better than CBC. (For example GCM calculations can exploit multiple processor pipelines whereas CBC does not exploit multiple CPUs).
AEAD ciphers include GCM and ChaCha20-Poly1305(available in TLS 1.3).
SHA384 is stronger than SHA256 which is stronger than SHA. I saw some comments that SHA384 is better than SHA512 because of problems if a bad guy changes the size of the file when SHA512 is used.