The PROTOCOL control option is used to specify the communications protocol supported by this local host node and its associated network parameters to access remote CAICCI nodes. Default: retry=10, maxru=4096, start/stop=START/SHUT.
All parameters must be entered.
Specifies the desired communication protocol to be used. Possible values are:
Activates VTAM drivers to enable host-to-host connections using LU0.
Specifies that the cross system communication facility be used for host-to-host connectivity of those systems within a common sysplex.
Specifies that the coupling facility be used for host-to-host connectivity of those systems within a common sysplex.
Activates host-to-PC connection using IBM TCP/IP or CA TCPaccess Communications Server for z/OS.
Activates host-to-host connection using IBM TCP/IP or CA TCPaccess Communications Server for z/OS.
Activates host-to-PC connection using IBM TCP/IP or CA TCPaccess Communications Server for z/OS with Secure Sockets Layer (SSL).
Activates peer-to-peer connection using IBM TCP/IP or CA TCPaccess Communications Server for z/OS with Secure Sockets Layer (SSL).
Specifies the network communication establishment parameters:
Specifies the listening port number for TCPSSL or TCPSSLGW. If the port number is specified, it must be appended to the hostname or IP address, prefixed with a colon (:). The default port number for TCPSSL is 1202; the default port number for TCPSSLGW is 1721.
The following is a list of valid keywords, their abbreviations, and allowable values (case insensitive). Each keyword=value parameter must be prefixed with a semicolon (;) as a delimiter.
The TCP/IP stack name. The default is all active TCP/IP stacks.
Indicates whether or not to accept non-SSL (unsecured) clients:
NEVER | N - (default) Remote Hosts or PCs not supporting or enabled for SSL are denied a connection.
ALLOW | A - All connections will be unsecured unless the PC supports and REQUIRES an SSL connection.
NONSSL | NS - PCs not supporting SSL (pre-version 1.1.7) are allowed to connect unsecured. PCs supporting and enabled for SSL will connect secured.
ONLY | O - Only unsecured connections allowed. PCs supporting and requiring SSL are denied a connection.
Indicates whether PC Client Certificates should be authenticated:
NO | N (default)
YES | Y
PASS | P - The client certificate is not authenticated but is still requested for user exit validation.
Indicates whether PC Client Certificates should be authenticated:
NO | N
YES | Y (default)
PASS | P - Client certificate is not authenticated but is still requested for user exit validation.
Specifies the Server Certificate Label Name:
'*' - Use the certificate whose label is "CCIPC" (for TCPSSL) or "CCIGW" (for TCPSSLGW). If not found, use the certificate whose label is the local CAICCI sysid. If not found, use the certificate whose label is "CCI".
'label' - Use the certificate whose name is label.
'(null)' - (default) Use the SystemSSL default certificate.
Note: Embedded blanks within Certificate Label Names are not supported.
Specifies the name of the external security keyring (used in lieu of an HFS key database).
Specifies the version of System SSL that TCPSSL should use to request SSL services:
1 - Version 1 (OS/390 version)
2 - Version 2 (z/OS 1.2 version)
'(null)' - Use highest available version (default)
Specifies which security protocol(s) should be enabled:
SSL - Only SSL Version 3 (default)
TLS - Only TLS Version 1
SSL/TLS | TLS/SSL | S/T | T/S | BOTH - Both SSL Version 3 and TLS Version 1 are enabled
Specifies the choice of one or more SSL (Version 3) cipher suites in the order of usage preference, for CAICCI packet encryption in the form of 'xxyyzz…'
The cipher suite values are:
'01' - NULL MD5
'02' - NULL SHA
'03' - RC4 MD5 Export
'04' - RC4 MD5 US
'05' - RC4 SHA US
'06' - RC2 MD5 Export
'09' - DES SHA Export
'0A' - 3DES SHA US
'2F' - 128-bit AES SHA US
'35' - 256-bit AES SHA US
IBM - Use the System SSL default list: '0504352F0A090306020100'
3DES - (default) Use the System SSL default list but put 3DES SHA US at the top of the list: '0A0504352F090306020100'
AES128 | AES-128 - Use the System SSL default list but put 128-bit AES SHA US at the top of the list: '2F0504350A090306020100'
AES | AES256 | AES-256 - Use the System SSL default list but put 256-bit AES SHA US at the top of the list: '3505042F0A090306020100'
Specifies the name of the HFS file where the System SSL can write trace entries. (Specifying the file name turns on tracing!)
Indicates whether SSL packets should be dumped to the Trace File (TRCPRINT):
NO | N - (default)
YES | Y
Specifies the module name of the DLL containing the user exit routine for validating client (and server) certificates.
The re-poll time in minutes that CAICCI uses to attempt to re-establish a session with the specified network transport. This time ranges from 1 to 59 minutes and has a default value of 10.
This is a positional operand that requires two commas as a place holder when the default value is to be used.
A retry time of zero for a PROTOCOL will generate the messages:
CAS9604W-CAICCI-INVALID RETRY TIME SPECIFIED
CAS9604W-CAICCI-PROTOCOL ENCOUNTERED ERRORS
A unique 1 to 8 character identifier that is used for this CAICCI system. This identifier must be kept unique within the entire CAICCI system network. This operand is required, and must be the same as specified with the SYSID control statement.
The maximum data packet size, specified in decimal bytes, that is allowed to be transmitted between the local CAICCI and the remote CAICCI nodes.
The default MAXRU value is 4096 or the value set by the MAXRU control option statement.
Note: For any of the TCP/IP protocols, the MAXRU default of 4096 is conservative and should be changed to a higher value for more efficient operation.
The control words used to specify when the LU-to-SSCP session is to be established and terminated. Acceptable values are:
Start link at CAICCI startup time. Drop link when CAICCI shuts down. START/SHUT is the default.
Start link at CAICCI startup time. Drop link when the first CA application issues a CAICCI TERM.
Start link when the first CA application issues a CAICCI INIT. Drop link when CAICCI shuts down.
Start link when the first CA application issues a CAICCI INIT. Drop link when the first CA application issues a CAICCI TERM.
Note: The last operand refers to when the ACB should be opened and when it should be closed. For z/OS, VM, and VSE, this operand should be specified as START/SHUT. Other operands available are shown but should not be selected unless specifically requested by the installation procedures of the CA solution you are installing.
Important! The operands STOP and SHUT are fully compatible and can be substituted for one another.
Example (console)
CCI PROTOCOL(VTAM,A97CVC01,01,A97SYSID,4000,START/STOP)
CCI PROTOCOL(TCPIPGW,SSID=ACSS:7000,1,USI273ME)
Example (ENFPARMS)
PROTOCOL(VTAM,A97CVC01,01,A97SYSID,4000,START/STOP)
PROTOCOL(TCPIP)
PROTOCOL(TCPIPGW,7000,1,USI273ME)
PROTOCOL(TCPSSLGW,7000;US=NS;CI=3DES;CERT=*,1,A97S)
PROTOCOL(TCPSSLGW,7001;CI='352F0A',01,A73S)
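The following audit script is an added example, not part of the CA documentation. It parses a PROTOCOL statement and reports what the US and CI settings and the retry operand actually permit, using the cipher table and named lists documented above. Only the abbreviations shown in the examples (US, CI) are recognized, and the choice of which cipher codes count as weak is this example's own policy assumption.

```python
import re

# Cipher codes and names as listed on this page.
CIPHERS = {"01": "NULL MD5", "02": "NULL SHA", "03": "RC4 MD5 Export",
           "04": "RC4 MD5 US", "05": "RC4 SHA US", "06": "RC2 MD5 Export",
           "09": "DES SHA Export", "0A": "3DES SHA US",
           "2F": "128-bit AES SHA US", "35": "256-bit AES SHA US"}
# Named cipher lists as documented on this page.
NAMED = {"IBM": "0504352F0A090306020100", "3DES": "0A0504352F090306020100",
         "AES128": "2F0504350A090306020100", "AES": "3505042F0A090306020100"}
NAMED.update({"AES-128": NAMED["AES128"], "AES256": NAMED["AES"],
              "AES-256": NAMED["AES"]})
# Audit policy (assumption of this example): NULL, export, RC4, RC2, DES.
WEAK = {"01", "02", "03", "04", "05", "06", "09"}
UNSEC = {"N": "NEVER", "A": "ALLOW", "NS": "NONSSL", "O": "ONLY"}

def audit(statement):
    """Return a list of findings for one PROTOCOL statement."""
    m = re.search(r"PROTOCOL\((.*)\)\s*$", statement.strip(), re.I)
    if not m:
        raise ValueError("not a PROTOCOL statement")
    ops = m.group(1).split(",")
    proto = ops[0].strip().upper()
    findings = []
    # Retry is the third positional operand; empty means the default of 10.
    retry = ops[2].strip() if len(ops) > 2 else ""
    if retry and not 1 <= int(retry) <= 59:
        findings.append(f"retry {retry} is outside the documented 1-59 range")
    if proto not in ("TCPSSL", "TCPSSLGW"):
        return findings
    # netparm: port first, then ;keyword=value pairs (case insensitive).
    parts = ops[1].upper().split(";")[1:] if len(ops) > 1 else []
    kv = dict(p.split("=", 1) for p in parts if "=" in p)
    us = kv.get("US", "NEVER")          # documented default: NEVER
    us = UNSEC.get(us, us)
    if us != "NEVER":
        findings.append(f"US={us}: unsecured (non-SSL) connections can be accepted")
    ci = kv.get("CI", "3DES").strip("'")  # documented default: 3DES
    for code in re.findall("..", NAMED.get(ci, ci)):
        if code in WEAK:
            findings.append(f"cipher {code} ({CIPHERS[code]}) is weak")
        elif code not in CIPHERS:
            findings.append(f"cipher {code} is not in the table above")
    return findings
```

Run against the ENFPARMS examples, the explicit CI='352F0A' statement produces no findings, while CI=3DES expands to a list that still carries the RC4, export, DES and NULL suites after 3DES.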
Copyright © 2011 CA. All rights reserved.