PROCESS Statement Overrides for Connect:Direct Secure Plus Defaults
The first statement in all IBM® Connect:Direct® Processes is the PROCESS statement, which defines the attributes of a Process. The SECURE keyword in the PROCESS statement allows you to perform one or more of the following functions:
- Turn on security when non-secure sessions are the default
- Select the protocol (SSL or TLS) when non-secure sessions are the default
Note: Support for SSL, TLS 1.0 and TLS 1.1 will be removed in a future release.
- Specify one or more cipher suites to override the default cipher suites defined in the Connect:Direct Secure Plus parameter file
- Turn off security when secure sessions are the default (if OVERRIDE=Y is specified in the Remote Node record settings in the Connect:Direct Secure Plus parameter file).
- Encrypt only the control block information contained in Function Management Headers (FMHs), such as a user ID, password, and filename. (The default is to encrypt both the control block information and the data being transferred.)
Note: If System SSL is in FIPS mode, TLS is the only supported protocol.
See Planning for System SSL in FIPS Mode.
Warning: The use of TCPNAME in PROCESS is not supported when Secure+ is used. If this value is specified as in the following example, the Process can either fail or not use Secure+:
SNODE=TCPNAME=&SNODE
The following syntax example shows the options available for the SECURE keyword:
SECURE=OFF|SSL|TLS|TLS11|TLS12|TLS13
or
SECURE=ENCRYPT.DATA=Y|N
or
SECURE = (OFF|SSL|TLS|TLS11|TLS12|TLS13, ENCRYPT.DATA=Y|N)
or
SECURE = (OFF|SSL|TLS|TLS11|TLS12|TLS13,<cipher_suite>|(cipher_suite_list),ENCRYPT.DATA=Y|N)
If you use multiple SECURE subparameters, ENCRYPT.DATA must be the last (or only) value specified on the SECURE= parameter.
Note:
- Secure=(Encrypt.Data = Y|N) is ignored by the Process and Process steps even if the user provides multiple SECURE subparameters. Also, a separate informational message (CSPA051I) is issued for Secure=Encrypt.Data=Y|N.
- Support for SSL, TLS 1.0 and TLS 1.1 will be removed in a future release.
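An added example, not part of the IBM documentation: a small Python check that scans a PROCESS statement for the conditions this page calls out (SNODE=TCPNAME= used with Secure+, SECURE=OFF, protocols scheduled for removal, ENCRYPT.DATA not in last position). It assumes continuation lines are already joined into one string, that the keyword TLS means TLS 1.0, and that ENCRYPT.DATA=N selects control-block-only encryption; the function names and finding codes are hypothetical.

```python
import re

# Keywords the page marks for removal. Assumption: TLS selects TLS 1.0.
DEPRECATED = {"SSL", "TLS", "TLS11"}
# SECURE= value: parenthesised list (one nested cipher-suite list) or bare word.
SECURE_RE = re.compile(r"\bSECURE\s*=\s*(\((?:[^()]|\([^()]*\))*\)|[^\s,()]+)", re.I)
TCPNAME_RE = re.compile(r"\bSNODE\s*=\s*TCPNAME\s*=", re.I)


def split_top(value):
    """Split on commas that are not inside a nested (cipher_suite_list)."""
    parts, depth, cur = [], 0, ""
    for ch in value:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + [cur]


def lint_process(stmt):
    """Return finding codes for one PROCESS statement (continuations joined)."""
    findings = []
    if TCPNAME_RE.search(stmt):
        findings.append("TCPNAME_WITH_SECURE_PLUS")  # may fail or skip Secure+
    m = SECURE_RE.search(stmt)
    if not m:
        return findings
    value = m.group(1)
    if value.startswith("("):
        value = value[1:-1]
    parts = [p.replace(" ", "").upper() for p in split_top(value)]
    for i, p in enumerate(parts):
        if p.startswith("ENCRYPT.DATA="):
            if i != len(parts) - 1:
                findings.append("ENCRYPT_DATA_NOT_LAST")
            if p.endswith("=N"):  # assumption: N = control blocks only
                findings.append("CONTROL_BLOCK_ONLY")
        elif p == "OFF":
            findings.append("SECURITY_OFF")
        elif p in DEPRECATED:
            findings.append("DEPRECATED_PROTOCOL:" + p)
    return findings


# Constructed sample statement; node and suite names are placeholders.
SAMPLE = "PROC3 PROCESS SNODE=NODE.B SECURE=(TLS11,ENCRYPT.DATA=N,(SUITE_A,SUITE_B))"
if __name__ == "__main__":
    print(lint_process(SAMPLE))
```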