SAS_SSL_CIPHER_LIST Environment Variable

Specifies the ciphers that can be used on UNIX and z/OS for OpenSSL.
Client: optional
Server: optional
Valid in: Configuration file, command line
Categories: Communications: Networking and Encryption

System Administration: Security
Operating environment: UNIX and z/OS
Note: This environment variable must be set before TLS or SSL are loaded. It cannot be changed after TLS or SSL are loaded. You must set the environment variable before the SAS/CONNECT spawner is started and before SAS is started on the client.
Tip: You can also define SET commands for Windows by using the System Properties dialog box that you access from the Control Panel.
See: Defining Environment Variables in UNIX Environments in SAS Companion for UNIX Environments, TKMVSENV File in SAS Companion for z/OS
Examples: Export the environment variable on UNIX hosts for the Bourne Shell:
export SAS_SSL_CIPHER_LISTSS=TLS

Set the environment variable on UNIX hosts for the C Shell environment: 

SETENV SAS_SSL_CIPHER_LISTS HIGH

Set the environment variable at SAS invocation for UNIX hosts:

-set "SAS_SSL_CIPHER_LISTS "3DES:RC2"

Set the environment variable on Windows hosts: 

SET SAS_SSL_CIPHER_LISTS SHA256
Syntax
Details

Syntax

SAS_SSL_CIPHER_LIST=openssl_cipher_list
"SAS_SSL_CIPHER_LIST= openssl_cipher_list"
SAS_SSL_CIPHER_LIST openssl_cipher_list

Syntax Description

openssl-cipher-list
The SAS_SSL_CIPER_LIST environment variable specifies the ciphers that can be used on UNIX and z/OS for OpenSSL. Refer to the OpenSSL ciphers document to see how to format the openssl-cipher-list and for a complete list of the ciphers that work with your TLS or SSL version. The OpenSSL cipher documentation can be found at the following URL: https://www.openssl.org/docs/apps/ciphers.html#
Note: SAS does not support CAMELLIA, IDEA, MD2, and RC5 ciphers.
This environment variable is available in the second maintenance release for SAS 9.3 when security hot fixes are applied.
Note: If you set a minimum protocol that does not allow some ciphers, you might get an error.
For Windows, you can configure the SSL Cipher Suite Order in the group policy settings. Search the http://msdn.microsoft.com website for information about how to set the SSL or TLS Cipher Suite Order.

Details

This environment variable is available on UNIX and z/OS platforms when security hot fixes are applied second maintenance release for SAS 9.3. Refer to http://support.sas.com/security/alerts.html and Technical Support Hot Fixesfor the latest information about Hot Fixes.
This environment variable can be specified anytime before SSL is used. After SSL is loaded, it cannot be changed. Search the http://msdn.microsoft.com website for information about how to set the SSL or TLS Cipher Suite Order.
Refer to the OpenSSL documentation about ciphers for information about the ciphers that can be specified for this environment variable. This information can be found at the following URL: https://www.openssl.org/docs/apps/ciphers.html#
Copyright © SAS Institute Inc. All rights reserved.