Various parameter options (PARM=)
PARM='PORT=&PORT,US=&UNSECON,CLAUTH=&CLAUTH,CERT=&CERT,KEYRING=&KEYRING,
SV=&SSLVERS,CI=&CIPHERS,SSLT=&SSLTRCFN,SSLD=&SSLDUMP,CBDLL=&CBDLL,
TO=&TIMEOUT'
where
PORT= specifies the Listen Port (Default: 1202)
TCP= specifies the single TCP/IP stack name that CCISSL will use. The default is all active TCP/IP stack names.
UNSECON= specifies one of the following:
- NEVER - (default) A connecting CCIPC that does not support SSL, or is not enabled for SSL, is denied a connection.
- ALLOW - All connections will be unsecured unless the connecting CCIPC supports and REQUIRES an SSL connection.
- NONSSL - A connecting CCIPC not supporting SSL (pre version 1.1.7) is allowed to connect unsecured. A connecting CCIPC supporting and enabled for SSL will connect secured.
- ONLY - Only unsecured connections are allowed. A connecting CCIPC supporting and requiring SSL is denied a connection. This option disables SSL support for this CCIPC server. (CCITCP is CCISSL permanently set to this value.)
CLAUTH= specifies one of the following:
- N (default) - Do not authenticate Client Certificates.
- Y - Do authenticate Client Certificates.
- Pass - Client certificates are not authenticated but are still requested for user exit validation.
CERT= specifies the Server Certificate Label Name:
- '*' - Use a Certificate whose label is CCIPC. If not found, use a Certificate whose label is local to the CAICCI Sysid. If not found, use a Certificate whose label is CAICCI.
- 'label' - Use a Certificate whose name is label.
- “(null)” - Use the SystemSSL default Certificate.
Note: Embedded blanks within Certificate Label Names are not supported.
KEYRING= specifies the name of an external security keyring (used instead of an HFS key database).
SSLVERS= specifies the version of System SSL that CCISSL should use to request SSL services.
- 1 - Version 1 (OS/390 version)
- 2 - Version 2 (z/OS 1.2 version)
- “(null)” - Use highest available version (default)
PROT= specifies which security protocol(s) should be enabled:
- SSL - Only SSL Version 3 (default)
- TLS - Only TLS Version 1
- SSL/TLS or TLS/SSL or S/T or T/S or BOTH - Both SSL Version 3 and TLS Version 1 are enabled.
CIPHERS= specifies one or more SSL (Version 3) ciphers, in the order of usage preference, for CAICCI packet encryption in the form XXYYZZ...
- '01' - NULL MD5
- '02' - NULL SHA
- '03' - RC4 MD5 Export
- '04' - RC4 MD5 US
- '05' - RC4 SHA US
- '06' - RC2 MD5 Export
- '09' - DES SHA Export
- '0A' - 3DES SHA US
- '2F' - 128-bit AES SHA US
- '35' - 256-bit AES SHA US
- IBM - Use System SSL default list: (i.e., 0504352F0A090306020100)
- 3DES - Use System SSL default list putting 3DES at top of list: (i.e., 0A0504352F090306020100) (default)
- AES128 or AES-128 - Use System SSL default list putting 128-bit AES at top of list: (i.e., 2F0504350A090306020100)
- AES or AES256 or AES-256 - Use System SSL default list putting 256-bit AES at top of list: (i.e., 3505042F0A090306020100)
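An added example (not from the original documentation or the product): a Python helper that splits a CIPHERS= value into its two-character codes, using the code table and keyword lists above, and reports entries that are NULL, export-grade or RC4, or that do not appear in the table. The function names and the weak-cipher rule are this example's assumptions.

```python
# Added example: audit a CCISSL CIPHERS= value.
# Code table and keyword expansions are copied from the page above;
# the WEAK rule (NULL, export-grade, RC4) is this example's assumption.
CIPHER_NAMES = {
    "01": "NULL MD5", "02": "NULL SHA", "03": "RC4 MD5 Export",
    "04": "RC4 MD5 US", "05": "RC4 SHA US", "06": "RC2 MD5 Export",
    "09": "DES SHA Export", "0A": "3DES SHA US",
    "2F": "128-bit AES SHA US", "35": "256-bit AES SHA US",
}
KEYWORDS = {
    "IBM": "0504352F0A090306020100",
    "3DES": "0A0504352F090306020100",
    "AES128": "2F0504350A090306020100",
    "AES-128": "2F0504350A090306020100",
    "AES": "3505042F0A090306020100",
    "AES256": "3505042F0A090306020100",
    "AES-256": "3505042F0A090306020100",
}
WEAK = ("NULL", "Export", "RC4")


def expand(value):
    """Return the ordered two-character cipher codes for a CIPHERS= value."""
    v = value.strip().strip("'").upper()
    v = KEYWORDS.get(v, v)
    if not v or len(v) % 2 or any(c not in "0123456789ABCDEF" for c in v):
        raise ValueError(f"not a keyword or XXYYZZ... hex string: {value!r}")
    return [v[i:i + 2] for i in range(0, len(v), 2)]


def audit(value):
    """Return (position, code, reason) for each entry worth reviewing."""
    findings = []
    for pos, code in enumerate(expand(value), start=1):
        name = CIPHER_NAMES.get(code)
        if name is None:
            findings.append((pos, code, "not in the page's code table"))
        elif any(marker in name for marker in WEAK):
            findings.append((pos, code, name))
    return findings


if __name__ == "__main__":
    for sample in ("3DES", "AES256", "352F0A"):  # constructed sample values
        print(sample, audit(sample))
```

Run against the keyword values, it shows that every keyword list on this page, including the default, still carries RC4, export and NULL entries after the preferred cipher; an explicit code string such as 352F is the form that lists only the AES entries.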
SSLTRCFN= specifies the name of the HFS file where System SSL can write trace entries. (Specifying the file name turns on tracing.)
SSLDUMP= specifies whether SSL packets should be dumped to the Trace File (TRCPRINT):
CBDLL= specifies the module name of the dll containing the user exit routine for validating client (and server) certificates.
TIMEOUT= specifies the number of seconds that a connection may remain idle before it is disconnected by CCISSL (or CCITCP).