Table of Contents

Search

  1. Preface
  2. Introduction to PowerExchange
  3. DBMOVER Configuration File
  4. Netport Jobs
  5. PowerExchange Message Logs and Destination Overrides
  6. SMF Statistics Logging and Reporting
  7. PowerExchange Security
  8. Secure Sockets Layer Support
  9. PowerExchange Alternative Network Security
  10. PowerExchange Nonrelational SQL
  11. PowerExchange Globalization
  12. Using the PowerExchange ODBC Drivers
  13. PowerExchange Datatypes and Conversion Matrix
  14. Appendix A: DTL__CAPXTIMESTAMP Time Stamps
  15. Appendix B: PowerExchange Glossary

Adding an AT-TLS Rule

Adding an AT-TLS Rule

To add a rule, edit the policy file or use the IBM Configuration Assistant for
z/OS
Communications Server.
The IBM Configuration Assistant for
z/OS
Communications Server is installed with the IBM
z/OS
Management Facility.
The following table shows the statements to include when you add a rule:
Statement
Value
LocalPortRange
PowerExchange Listener port number.
Jobname
PowerExchange Listener job name.
Direction
Direction of communication. Specify
Inbound
to indicate that communication proceeds from client to Listener.
TTLSGroupActionRef
References an existing
group_action
that is defined in another section of the policy file.
TTLSEnvironmentActionRef
environment_action
References an existing
environment_action
that is defined in another section of the policy file.

Example Rule

The following statements show an example rule:
TTLSRULE PWXLSTTls12SrvrAuthTypeRequired { Jobname PWXLST* JLocalPortRange 46496 Direction Inbound TTLSGroupActionRef gActEnableTTLS TTLSEnvironmentActionRef eActTls12SrvrAuthTypeRequired }
The referenced TTLSGroupAction, TTLSEnvironmentAction, TTLSKeyRingParms, and TTLSCipherParms statements can be seen in the following example AT-TLS policy file for PowerExchange.
The rule causes inbound connections on port 46496 to job PWXLST to be intercepted by the AT-TLS proxy service. Protocol TLSV1_2 is used with certain AES256 ciphers. Certificates are requested from the client machine and the connection fails if they are out of date or not from a trusted CA.

References to Existing Sections of Policy File

The following table describes the existing sections of the policy file that the rule references:
Statement
Sub-Statement
Value
TTLS Group Action
TTLSEnabled
On
TTLS Group Action
CtraceClearText
Off
TTLS Group Action
Trace
7
TTLSEnvironmentAction
HandshakeRole
For servers, specifies one of the following values:
  • Server
    . The Listener acts as the SSL server and does not require client authentication.
  • ServerWithClientAuth
    . The Listener acts as the SSL server and requires client authentication.
TTLSEnvironmentAction
TTLSCipherParmsRef
References the TTLSCipherParms statement.
TTLSEnvironmentAction
TTLSKeyRingParmsRef
References the TTLSKeyRingParms statement.
TTLSCipherParms
V3CipherSuites
Supported symmetric cipher suites.
TTLSKeyRingParms
Keyring
Key ring that contains the personal and CA certificates.