SAS_SSL_CIPHER_LIST Environment Variable

Specifies the ciphers that can be used on UNIX and z/OS for OpenSSL.

Client: Optional
Server: Optional
Valid in: Configuration file, command line
Categories: Communications: Networking and Encryption
System Administration: Security
Operating environment: UNIX and z/OS
Notes: This environment variable is available in all SAS 9.3 and SAS 9.4 versions of software if hot fixes are applied.
This environment variable must be set before TLS or SSL are loaded. It cannot be changed after TLS or SSL is loaded. You must set the environment variable before the SAS/CONNECT spawner is started and before SAS is started on the client.
Tip: You can also define SET commands for Windows by using the System Properties dialog box that you access from the Control Panel.
See: Defining Environment Variables in UNIX Environments in SAS Companion for UNIX Environments, TKMVSENV File in SAS Companion for z/OS
Examples: Export the environment variable on UNIX hosts for the Bourne Shell:
export SAS_SSL_CIPHER_LISTSS=TLS1.2
Set the environment variable on UNIX hosts for the C Shell environment:
SETENV SAS_SSL_CIPHER_LISTS HIGH 
Set the environment variable at SAS invocation for UNIX hosts:
-set SAS_SSL_CIPHER_LISTS 3DES:RC2"
Set the environment variable on Windows hosts
SET SAS_SSL_CIPHER_LISTS SHA256

Syntax

SAS_SSL_CIPHER_LIST=openssl_cipher_list

Syntax Description

openssl-cipher-list

The SAS_SSL_CIPER_LIST environment variable specifies the ciphers that can be used on UNIX and z/OS for OpenSSL. Refer to the OpenSSL Ciphers document to see how to format the openssl-cipher-list and for a complete list of the ciphers that work with your TLS or SSL version. The OpenSSL Cipher information can be found at OpenSSL 1.0.1 Ciphers

Note: SAS does not support CAMELLIA, IDEA, MD2, and RC5 ciphers.
Note: The protocol and cipher information for the actual connection can be seen by setting dumpCurrentCipherInfo at the SAS DEBUG level. For information, see Encryption: SAS Logging Facility.
Note: If you set a minimum protocol that does not allow some ciphers, you might get an error.
For Windows, you can configure the SSL Cipher Suite Order in the group policy settings. Search the https://msdn.microsoft.com/en-US/ website for information about how to set the SSL or TLS Cipher Suite Order.

Details

This environment variable is available on UNIX and z/OS platforms. This environment variable can be specified anytime before TLS is used. After TLS is loaded, it cannot be changed.
Refer to the OpenSSL documentation on ciphers for information about the ciphers that can be specified for this environment variable. This information can be found at OpenSSL 1.0.1 Ciphers.
Note: For Windows, you can configure the SSL Cipher Suite Order in the group policy settings. Search the https://msdn.microsoft.com/en-US/ website for information about how to set the SSL or TLS Cipher Suite Order.