Table of Contents

Search

  1. Preface
  2. Introduction to PowerExchange
  3. DBMOVER Configuration File
  4. Netport Jobs
  5. PowerExchange Message Logs and Destination Overrides
  6. SMF Statistics Logging and Reporting
  7. PowerExchange Security
  8. Secure Sockets Layer Support
  9. PowerExchange Alternative Network Security
  10. PowerExchange Nonrelational SQL
  11. PowerExchange Globalization
  12. Using the PowerExchange ODBC Drivers
  13. PowerExchange Datatypes and Conversion Matrix
  14. Appendix A: DTL__CAPXTIMESTAMP Time Stamps
  15. Appendix B: PowerExchange Glossary

Example AT-TLS Policy File for PowerExchange

Example AT-TLS Policy File for PowerExchange

The following example shows a complete AT-TLS policy file for PowerExchange:
## ## AT-TLS Policy Agent Configuration file for: ## Image: MHZ2 ## Stack: TCPIP ## This is a sample AT_TLS Policy Agent Configuration file for Power Exchange, based ## on a subset of a file originally created by the IBM z/OS Network Security ## Configuration Assistant application. ## ## It defines a listener (jobname PWXSSL85) which acts as SSL server ## (Direction=inbound) and a second listener (PWXSSLMX) which acts as SSL server only ## when connected via its port 18501. ## ## TLSRule 0-1 defines listener with jobname PWXSSL85 which as as SSL server for all ## connections (connection direction is inbound - from client to listener). ## - IpAddrSet addr1 specifies that the rule applies to any IP address and port. ## - Group Action gAct1 specifies that SSL is to be enabled for this connection. ## - Environment Action eAct1 specifies that the listener acts as SSL server, with ## keyring defined by the keyR-MHZ2 TTLSkeyRingPArms statement. ## - Connection Action cAct1 specifies that encryption parameters defined by ## TTLSCipherParms statement cipher1~AT-TLS__Silver, and that the listener is to act ## as SSL server (without client certificates). ## ## TLSRule 0-5 defines a similar listener with jobname PWXSSLMX which has more than one ## listener port. It is to use SSL only if communicating via its port 18501 (portrange ## statement portR1. ## ## TTLSCipherParms cipher1~AT-TLS__Silver shows a list on Cipher Suites which can be used ## for the connections. ## TTLSRule 0~1 { LocalAddrSetRef addr1 RemoteAddrSetRef addr1 Jobname PWXSSL85 Direction Inbound Priority 255 TTLSGroupActionRef gAct1 TTLSEnvironmentActionRef eAct1 TTLSConnectionActionRef cAct1 } TTLSRule 0~5~ { LocalAddrSetRef addr1 RemoteAddrSetRef addr1 LocalPortRangeRef portR1 Jobname PWXSSLMX Direction Inbound Priority 251 TTLSGroupActionRef gAct1 TTLSEnvironmentActionRef eAct1 TTLSConnectionActionRef cAct1 } TTLSGroupAction gAct1 { TTLSEnabled On Trace 7 } TTLSEnvironmentAction eAct1 { HandshakeRole Server EnvironmentUserInstance 0 TTLSKeyringParmsRef keyR~MHZ2 } TTLSEnvironmentAction eAct2 { HandshakeRole Client EnvironmentUserInstance 0 TTLSKeyringParmsRef keyR~MHZ2 } TTLSConnectionAction cAct1 { HandshakeRole Server TTLSCipherParmsRef cipher1~AT-TLS__Silver Trace 7 } TTLSConnectionAction cAct2 { HandshakeRole Client TTLSCipherParmsRef cipher1~AT-TLS__Silver Trace 7 } TTLSKeyringParms keyR~MHZ2 { Keyring ATTLS_keyring } TTLSCipherParms cipher1~AT-TLS__Silver { V3CipherSuites TLS_RSA_WITH_DES_CBC_SHA V3CipherSuites TLS_RSA_WITH_3DES_EDE_CBC_SHA } IpAddrSet addr1 { Prefix 0.0.0.0/0 } PortRange portR1 { Port 18501 }

0 COMMENTS

We’d like to hear from you!