The PROTOCOL control option is used to specify the communications protocol that is supported by this local host node and its associated network parameters to access remote CAICCI nodes. Default: retry=10, maxru=4096, start/stop=START/SHUT.
All parameters must be entered.
Specifies the desired communication protocol to be used. Possible values are:
Activates the VTAM drivers to enable host-to-host connections using LU0.
Specifies that the cross system communication facility is used for host-to-host connectivity of those systems within a common sysplex.
Specifies that the coupling facility is used for host-to-host connectivity of those systems within a common sysplex.
Activates host-to-PC connection using IBM TCP/IP or CA TCPaccess Communications Server for z/OS.
Activates the host-to-host connection using IBM TCP/IP or CA TCPaccess Communications Server for z/OS.
Activates host-to-PC connection using IBM TCP/IP or CA TCPaccess Communications Server for z/OS with Secure Sockets Layer (SSL).
Activates peer-to-peer connection using IBM TCP/IP or CA TCPaccess Communications Server for z/OS with Secure Sockets Layer (SSL).
Network communication establishment parameters:
Specifies the listening port number for TCPSSL or TCPSSLGW. If the port number is specified, it must be appended to the hostname or IP address that is prefixed with a colon(:). The default port number for TCPSSL is 1202; the default port number for TCPSSLGW is 1721.
The following lists valid keywords, their abbreviations, and allowable values (case insensitive). Each keyword=value parameter must be prefixed with a semicolon (;) as a delimiter.
The TCP/IP stack name. The default is all active TCP/IP stacks.
Indicates whether to accept non-SSL (unsecured) clients:
NEVER | N - (default) Remote Hosts or PCs not supporting or enabled for SSL are denied a connection.
ALLOW | A - All connections are unsecured unless the PC supports and REQUIRES an SSL connection.
NONSSL | NS - PCs not supporting SSL (pre-version 1.1.7) are allowed to connect unsecured. PCs supporting and enabled for SSL connect secured.
ONLY | O - Only unsecured connections allowed. PCs supporting and requiring SSL are denied a connection.
Indicates whether PC Client Certificates is authenticated:
NO | N (default)
YES | Y
PASS | P - The client certificate is not authenticated but is still requested for user exit validation.
Indicates whether PC Client Certificates is authenticated:
NO | N
YES | Y (default)
PASS | P - Client certificate is not authenticated but is still requested for user exit validation.
Specifies the Server Certificate Label Name
'*' - Use the certificate whose label is "CCIPC" (for TCPSSL) or “CCIGW” (for TCPSSLGW). If not found, use the certificate whose label is the local CAICCI sysid. If not found, use the certificate whose label is "CCI".
'label' - Use the certificate whose name is label.
'(null)' - (default) Use the SystemSSL default certificate.
Note: The embedded blanks within Certificate Label Names are not supported.
Specifies the name of the external security keyring (Used in lieu of an HFS key database)
Specifies the version of System SSL that TCPSSL uses to request SSL services:
1 - Version 1 (OS/390 version)
2 - Version 2 (z/OS 1.2 version)
'(null)' - Use highest available version (default)
Specifies which security protocols are enabled:
SSL - Only SSL Version 3 (default)
TLS - Only TLS Version 1
SSL/TLS | TLS/SSL | S/T | T/S | BOTH - Both SSL Version 3 and TLS Version 1 are enabled.
Specifies the choice of one or more SSL (Version 3) cipher suites in the order of usage preference, for CAICCI packet encryption in the form of 'xxyyzz…'
The cipher suite values are:
'01' - NULL MD5
'02' - NULL SHA
'03' - RC4 MD5 Export
'04' - RC4 MD5 US
'05' - RC4 SHA US
'06' - RC2 MD5 Export
'09' - DES SHA Export
'0A' - 3DES SHA US
'2F' - 128-bit AES SHA US
'35' - 256-bit AES SHA US
IBM - Use the System SSL default list: '0504352F0A090306020100'
3DES - (default) Use the System SSL default list but put 3DES SHA US at the top of the list: '0A0504352F090306020100'
AES128 | AES-128 - Use the System SSL default list but put 128-bit AES SHA US at the top of the list: '2F0504350A090306020100'
AES | AES256 | AES-256 - Use the System SSL default list but put 256-bit AES SHA US at the top of the list: '3505042F0A090306020100'
Specifies the name of the HFS file where the System SSL can write trace entries. (Specifying the file name turns on tracing!)
Indicates whether the SSL packets are dumped to the Trace File (TRCPRINT):
NO | N - (default)
YES | Y
Specifies the module name of the DDL containing the user exit routine for validating client
(and server) certificates.
Re-poll time in minutes that CAICCI uses to attempt to re-establish a session with the specified network transport specified. This time ranges from 1 to 59 minutes and has a default value of 10.
This operand is a positional operand that requires two commas as a place holder when the default value is used.
A retry time of zero for a PROTOCOL generates the messages:
CAS9604W-CAICCI-INVALID RETRY TIME SPECIFIED
CAS9604W-CAICCI-PROTOCOL ENCOUNTERED ERRORS
Unique one through eight character identifier that is used for this CAICCI system. This identifier must be kept unique within the entire CAICCI system network. This operand is required, and must be the same as specified with the SYSID control statement.
Maximum data packet size, which is specified in decimal bytes, that is allowed to be transmitted between the local CAICCI and the remote CAICCI nodes.
The default MAXRU value is 4096 or the value set by the MAXRU control option statement.
Note: For any of the TCP/IP protocols, the MAXRU default of 4096 is conservative and should be changed to a higher value for more efficient operation.
Control words that are used to specify when the LU-to-SSCP session is established and terminated.
Start link at CAICCI startup time. Drop link when CAICCI shuts down.
Start link at CAICCI startup time. Drop link when the first CA application issues a CCI TERM.
Start link when the first CA application issues a CCI INIT. Drop link when CAICCI shuts down.
Start link when the first CA application issues a CCI INIT. Drop link when the first CA application issues a CCI TERM.
Note: The last operand refers to when the ACB is opened and when it is closed. For z/OS, VM, and VSE, specify this operand as START/SHUT. Only select other available operands if the installation procedures of the CA Technologies solution you are installing specifically requests it.
Important! The operands STOP and SHUT are fully compatible and can be substituted for one another.
Example (console)
CCI PROTOCOL(VTAM,A97CVC01,01,A97SYSID,4000,START/STOP)
CCI PROTOCOL(TCPIPGW,1721,1,USI273ME)
Example (ENFPARMS)
PROTOCOL(VTAM,A97CVC01,01,A97SYSID,4000,START/STOP)
PROTOCOL(TCPIP)
PROTOCOL(TCPIPGW,1721,1,USI273ME)
PROTOCOL(TCPSSLGW,1721;US=NS;CI=3DES;CERT=*,1,A97S)
PROTOCOL(TCPSSLGW,7001;CI='352F0A',01,A73S)
Copyright © 2014 CA Technologies.
All rights reserved.
|
|