Update the .Local Node Record
The update localnode command configures the protocol for the .Local node record. The command has the following parameters:
Command | Parameter | Values |
---|---|---|
update localnode | protocol=Specifies a comma delimited list of Protocols to use in the .Local node record. | Disable | SSL,TLS,TLS1.1,TLS 1.2 (See Display Protocols) |
SecurityMode | Disable | FIPS140-2 | SP800-131A_TRANSITION | SP800-131A_STRICT |
SUITE_B-128 | SUITE_B-192 (See Display SecurityModes) |
|
override=Identifies if values in the remote node can override values defined in the .Local node record. | y | n | |
AuthTimeout=Specifies the maximum time, in seconds, that the system waits to receive the IBM Connect:Direct® control blocks exchanged during the IBM Connect:Direct authentication process. | 0–3600 The default is 120 seconds. |
|
KeyCertLabel=Identifies the label of the key certificate. | keycert label | null Note: If no keycert label is specified, the following
should be noted:
Pnode sessions will fail if the remote node requires client authentication. Snode sessions will fail. |
|
EncryptData=If no is specified, Encrypt Only Control Block Information; data is sent unencrypted. Default is Yes - data and control block information are encrypted. | y | n | |
ClientAuth = Enables client authentication in a .Client node record. | y | n | |
CipherSuites= Specifies the cipher suites
enabled. Note: Only certain cipher suites are supported in FIPS-mode. For a list of the FIPS-approved cipher suites, see Special Considerations in the IBM Connect:Direct for UNIX Release Notes. |
comma delimited list of cipher suites | all | null all—Enables all ciphers. null—Clears any existing values from the node definition. |
|
SeaEnable=Enables certificate validation by Sterling External Authentication Server | y | n | |
SeaCertValDef=Character string defined in Sterling External Authentication Server (SEAS). | character string | null null—Clears any existing values from the node definition. |