Various parameter options (PARM=)
PARM
PORT=&PORT,US=&UNSECON,CLAUTH=&CLAUTH,CERT=&CERT,KEYRING=&KEYRING,
SV=&SSLVERS,CI=&CIPHERS,SSLT=&SSLTRCFN,SSLD=&SSLDUMP,CBDLL=&CBDLL,
TO=&TIMEOUT'
- PORT=
Specifies the Listen Port (Default: 1202)
- TCP=
Specifies the single TCP/IP stack name that CCISSL uses. The default is all active TCP/IP stack names.
- UNSECON=
Specifies either:
- NEVER - (default) A connecting CCIPC that does not support SSL or is not enabled for SSL is denied a connection.
- ALLOW - All connections are unsecured unless the connecting CCIPC supports and REQUIRES an SSL connection.
- NONSSL - A connecting CCIPC not supporting SSL (pre-version 1.1.7) is allowed to connect unsecured. A connecting CCIPC supporting and enabled for SSL connects secured.
- ONLY - Only unsecured connections are allowed. A connecting CCIPC supporting and requiring SSL is denied a connection. This option disables SSL support for this CCIPC server. (CCITCP is CCISSL with this parameter permanently set to ONLY.)
- CLAUTH=
- N (default) - Do not authenticate Client Certificates.
- Y - Do authenticate Client Certificates.
- Pass - Client certificates are not authenticated but are still requested for user exit validation.
- CERT=
The Server Certificate Label Name:
- '*' - Use a Certificate whose label is CCIPC. If not found, use a Certificate whose label is local to the CAICCI Sysid. If not found, use a Certificate whose label is CAICCI.
- 'label' - Use a Certificate whose name is label.
- “(null)” - Use the SystemSSL default Certificate.
Note: Embedded blanks within Certificate Label Names are not supported.
- KEYRING=
Specifies the name of an external security keyring (used instead of an HFS key database).
- SSLVERS=
The version of System SSL that CCISSL uses to request SSL services.
- 1 - Version 1 (OS/390 version)
- 2 - Version 2 (z/OS 1.2 version)
- “(null)” - Use highest available version (default)
- PROT=
The security protocols that are enabled:
- SSL - Only SSL Version 3 (default)
- TLS - Only TLS Version 1
- SSL/TLS or TLS/SSL or S/T or T/S or BOTH - Both SSL Version 3 and TLS Version 1 are enabled.
Note: Set PROT to TLS if possible. TLS provides a much higher level of security.
- CIPHERS=
One or more SSL (Version 3) ciphers, in the order of usage preference, for CAICCI packet encryption in the form XXYYZZ...
- '01' - NULL MD5
- '02' - NULL SHA
- '03' - RC4 MD5 Export
- '04' - RC4 MD5 US
- '05' - RC4 SHA US
- '06' - RC2 MD5 Export
- '09' - DES SHA Export
- '0A' - 3DES SHA US
- '2F' - 128-bit AES SHA US
- '35' - 256-bit AES SHA US
- IBM - Use System SSL default list: (for example, 0504352F0A090306020100)
- 3DES - Use System SSL default list putting 3DES at top of list: (for example, 0A0504352F090306020100)
- AES128 or AES-128 - Use System SSL default list putting 128-bit AES at top of list: (for example, 2F0504350A090306020100)
- AES or AES256 or AES-256 - Use System SSL default list putting 256-bit AES at top of list: (for example, 3505042F0A090306020100)
Default: 3DES
- SSLTRCFN=
Specifies the name of the HFS file where System SSL can write trace entries. (Specifying the file name turns on tracing.)
- SSLDUMP=
Specifies whether the SSL packet is dumped to the Trace File (TRCPRINT):
Default: No
- CBDLL=
Specifies the module name of the DLL containing the user exit routine for validating client (and server) certificates.
- TIMEOUT=
Specifies the number of seconds that a connection can remain idle before CCISSL (or CCITCP) disconnects it.
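
The UNSECON=, PROT= and CIPHERS= settings above can be checked mechanically before a CCISSL PARM is deployed. The following Python sketch is an added example, not code from the product or its documentation: it decodes a CIPHERS= value with the code table on this page and reports settings that allow unsecured or SSL Version 3 connections. The keyword expansions use the lists this page quotes "for example", and the choice to flag NULL, Export and RC4 ciphers is this example's own assumption.

```python
# Added example: audit a CCISSL PARM string against the tables on this page.
CIPHER_NAMES = {  # two-hex-digit codes from the CIPHERS= list
    "01": "NULL MD5", "02": "NULL SHA", "03": "RC4 MD5 Export",
    "04": "RC4 MD5 US", "05": "RC4 SHA US", "06": "RC2 MD5 Export",
    "09": "DES SHA Export", "0A": "3DES SHA US",
    "2F": "128-bit AES SHA US", "35": "256-bit AES SHA US",
}
# Keyword values mapped to the example default lists the page quotes for them.
KEYWORD_LISTS = {
    "IBM": "0504352F0A090306020100", "3DES": "0A0504352F090306020100",
    "AES128": "2F0504350A090306020100", "AES-128": "2F0504350A090306020100",
    "AES": "3505042F0A090306020100", "AES256": "3505042F0A090306020100",
    "AES-256": "3505042F0A090306020100",
}
WEAK_MARKERS = ("NULL", "Export", "RC4")  # this example's choice, not the page's

def decode_ciphers(value):
    """Expand a CIPHERS= value into (code, name) pairs in preference order."""
    spec = KEYWORD_LISTS.get(value.upper(), value.upper())
    if len(spec) % 2:
        raise ValueError("CIPHERS must be a run of two-digit codes: " + value)
    codes = [spec[i:i + 2] for i in range(0, len(spec), 2)]
    return [(c, CIPHER_NAMES.get(c, "not in the page's table")) for c in codes]

def audit(parm):
    """Return findings for a PARM string; unset options take the page's defaults."""
    pairs = (item.split("=", 1) for item in parm.strip("'").split(",") if "=" in item)
    opts = {k.strip().upper(): v.strip() for k, v in pairs}
    findings = []
    unsecon = opts.get("UNSECON", opts.get("US", "NEVER")).upper()
    if unsecon != "NEVER":
        findings.append(f"UNSECON={unsecon} permits unsecured connections")
    prot = opts.get("PROT", "SSL").upper()
    if prot != "TLS":
        findings.append(f"PROT={prot} leaves SSL Version 3 enabled")
    for code, name in decode_ciphers(opts.get("CIPHERS", opts.get("CI", "3DES"))):
        if code not in CIPHER_NAMES or any(m in name for m in WEAK_MARKERS):
            findings.append(f"CIPHERS offers {code} ({name})")
    return findings

if __name__ == "__main__":
    sample = "PORT=1202,US=NONSSL,PROT=BOTH,CI=350A05"  # constructed sample
    for line in audit(sample):
        print(line)
```

Run against an empty PARM, the audit shows what the documented defaults (PROT=SSL, CIPHERS=3DES) leave enabled.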