Various parameter options (PARM=).
PORT=&PORT,TCP=&TCP,US=&UNSECON,RMAUTH=&RMAUTH,CERT=&CERT,
KEYRING=&KEYRING,SV=&SSLVERS,CI=&CIPHERS,SSLT=&SSLTRCFN,SSLD=&SSLDUMP,CBDLL=&CBDLL'
where
PORT= specifies the Listen Port (Default: 1202)
TCP= specifies the single TCP/IP stack name that CCISSLGW will use. The default is all active TCP/IP stack names.
UNSECON= specifies one of the following:
- NEVER - (default) A remote CCI that does not support SSL, or is not enabled for it, is denied a connection.
- ALLOW - All connections will be unsecured unless the remote CCI supports and REQUIRES an SSL connection.
- NONSSL - A remote CCI not supporting SSL is allowed to connect unsecured. A remote CCI supporting and enabled for SSL will connect secured.
- ONLY - Only unsecured connections are allowed. A remote CCI supporting and requiring SSL is denied a connection. This option disables SSL support for this gateway server. (CCITCPGW is CCISSLGW permanently set to this value.)
RMAUTH= specifies one of the following:
- N - Do not authenticate Remote Certificates.
- (default) - Do authenticate Remote Certificates.
- Pass - Remote certificates are not authenticated but are still requested for user exit validation.
CERT= specifies the Server Certificate Label Name:
- '*' - Use a Certificate whose label is CCIGW. If not found, use a Certificate whose label is local to the CAICCI Sysid. If not found, use a Certificate whose label is CCI.
- 'label' - Use a Certificate whose name is label.
- “(null)” - Use the SystemSSL default Certificate.
Note: Embedded blanks within Certificate Label Names are not supported.
KEYRING= specifies the name of an external security keyring (used instead of an HFS key database).
SSLVERS= specifies the version of System SSL that CCISSLGW should use to request SSL services.
- 1 - Version 1 (OS/390 version)
- 2 - Version 2 (z/OS 1.2 version)
- “(null)” - Use highest available version (default)
PROT= specifies which security protocol(s) should be enabled:
- SSL - Only SSL Version 3 (default)
- TLS - Only TLS Version 1
- SSL/TLS or TLS/SSL or S/T or T/S or BOTH - Both SSL Version 3 and TLS Version 1 are enabled.
CIPHERS= specifies one or more SSL (Version 3) ciphers, in the order of usage preference, for CAICCI packet encryption in the form XXYYZZ...
- '01' - NULL MD5
- '02' - NULL SHA
- '03' - RC4 MD5 Export
- '04' - RC4 MD5 US
- '05' - RC4 SHA US
- '06' - RC2 MD5 Export
- '09' - DES SHA Export
- '0A' - 3DES SHA US
- '2F' - 128-bit AES SHA US
- '35' - 256-bit AES SHA US
- IBM - Use System SSL default list: (such as, 0504352F0A090306020100)
- 3DES - Use System SSL default list putting 3DES at top of list: (such as, 0A0504352F090306020100) (default)
- AES128 or AES-128 - Use System SSL default list putting 128-bit AES at top of list: (such as, 2F0504350A090306020100)
- AES or AES256 or AES-256 - Use System SSL default list putting 256-bit AES at top of list: (such as, 3505042F0A090306020100)
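The following added example (not part of the original documentation or the product) expands a CIPHERS= value into its two-digit codes, labels them from the table above, and marks entries for review. The keyword expansions are the "such as" lists quoted above and may differ on a given System SSL level; the FLAGGED_TAGS review policy and the sample values are assumptions.

```python
# Added example: audit a CCISSLGW CIPHERS= value against the table on this page.
CIPHER_TABLE = {  # codes and labels as listed under CIPHERS= above
    "01": "NULL MD5", "02": "NULL SHA", "03": "RC4 MD5 Export",
    "04": "RC4 MD5 US", "05": "RC4 SHA US", "06": "RC2 MD5 Export",
    "09": "DES SHA Export", "0A": "3DES SHA US",
    "2F": "128-bit AES SHA US", "35": "256-bit AES SHA US",
}
KEYWORD_LISTS = {  # the "such as" example lists the page gives per keyword
    "IBM": "0504352F0A090306020100",
    "3DES": "0A0504352F090306020100",
    "AES128": "2F0504350A090306020100", "AES-128": "2F0504350A090306020100",
    "AES": "3505042F0A090306020100", "AES256": "3505042F0A090306020100",
    "AES-256": "3505042F0A090306020100",
}
FLAGGED_TAGS = ("NULL", "Export", "RC4")  # assumed review policy, not from the page


def parse_ciphers(value):
    """Return the ordered list of 2-digit cipher codes for a CIPHERS= value."""
    value = value.strip().strip("'").upper()
    value = KEYWORD_LISTS.get(value, value)  # expand a keyword if one was given
    if not value or len(value) % 2 or any(c not in "0123456789ABCDEF" for c in value):
        raise ValueError(f"not a XXYYZZ... cipher string: {value!r}")
    return [value[i:i + 2] for i in range(0, len(value), 2)]


def audit_ciphers(value):
    """Return (code, label, finding) tuples in preference order."""
    report = []
    for code in parse_ciphers(value):
        label = CIPHER_TABLE.get(code)
        if label is None:
            finding = "unknown"  # code is not in the page's table; look it up
        elif any(tag in label for tag in FLAGGED_TAGS):
            finding = "flag"
        else:
            finding = "ok"
        report.append((code, label, finding))
    return report


if __name__ == "__main__":
    for sample in ("3DES", "352F0A"):  # constructed sample settings
        print(sample)
        for code, label, finding in audit_ciphers(sample):
            print(f"  {code}  {label or '(not listed)':<20} {finding}")
```

Run against the keyword defaults, this shows that the example default lists still contain NULL and export-grade entries after the preferred cipher, which is the reason to consider an explicit code string.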
SSLTRCFN= specifies the name of the HFS file where System SSL can write trace entries. (Specifying the file name turns on tracing.)
SSLDUMP= specifies whether SSL packets should be dumped to the Trace File (TRCPRINT):
CBDLL= specifies the module name of the DLL containing the user exit routine for validating client (and server) certificates.