Table of Contents

Search

  1. Preface
  2. Introduction to PowerExchange
  3. DBMOVER Configuration File
  4. Netport Jobs
  5. PowerExchange Message Logs and Destination Overrides
  6. SMF Statistics Logging and Reporting
  7. PowerExchange Security
  8. Secure Sockets Layer Support
  9. PowerExchange Alternative Network Security
  10. PowerExchange Nonrelational SQL
  11. PowerExchange Globalization
  12. Using the PowerExchange ODBC Drivers
  13. PowerExchange Datatypes and Conversion Matrix
  14. Appendix A: DTL__CAPXTIMESTAMP Time Stamps
  15. Appendix B: PowerExchange Glossary

Adding an AT-TLS Rule

Adding an AT-TLS Rule

To add a rule, edit the policy file or use the IBM Configuration Assistant for
z/OS
Communications Server.
You can download the IBM Configuration Assistant from the IBM
z/OS
support web site.
The following table shows the statements to include when you add a rule:
Statement
Value
LocalPortRange
PowerExchange Listener port number.
Jobname
PowerExchange Listener job name.
Direction
Direction of communication. Specify
Inbound
to indicate that communication proceeds from client to Listener.
TTLSGroupActionRef
References an existing
group_action
that is defined in another section of the policy file.
TTLSEnvironmentActionRef
environment_action
References an existing
environment_action
that is defined in another section of the policy file.

Example Rule

The following statements show an example rule:
TTLSRULE JOB_JBBV861 { LocalPortRange 13132 Jobname JBBV861 Direction Inbound TTLSGroupActionRef gActEnableTTLS TTLSEnvironmentActionRef eActServerDefault }

References to Existing Sections of Policy File

The following table describes the existing sections of the policy file that the rule references:
Statement
Sub-Statement
Value
TTLS Group Action
TTLSEnabled
On
TTLS Group Action
CtraceClearText
Off
TTLS Group Action
Trace
7
TTLSEnvironmentAction
HandshakeRole
For servers, specifies one of the following values:
  • Server
    . The Listener act as the SSL server and does not require client authentication.
  • ServerWithClientAuth
    . The Listener act as the SSL server and requires client authentication.
TTLSEnvironmentAction
TTLSCipherParmsRef
References the TTLSCipherParms statement.
TTLSEnvironmentAction
TTLSKeyRingParmsRef
References the TTLSKeyRingParms statement.
TTLSCipherParms
V3CipherSuites
Supported symmetric cipher suites.
TTLSKeyRingParms
Keyring
Key ring that contains the personal and CA certificates.
The following statements show example sections of a referenced policy file:
TTLSGroupAction gActEnableTTLS { TTLSEnabled On CtraceClearText Off Trace 7 } TTLSEnvironmentAction eActServerDefault { HandshakeRole Server TTLSCipherParmsRef cipher1~AT-TLS__Silver TTLSKeyringParmsRef kATTLSkeyring } TTLSCipherParms cipher1~AT-TLS__Silver { V3CipherSuites TLS_RSA_WITH_DES_CBC_SHA V3CipherSuites TLS_RSA_WITH_3DES_EDE_CBC_SHA V3CipherSuites TLS_RSA_WITH_AES_128_CBC_SHA } TTLSKeyRingParms kATTLSkeyring { Keyring ATTLS_keyring }