PROCESS Statement Overrides for IBM Connect:Direct Secure Plus Defaults
The first statement in all IBM® Connect:Direct® Processes is the PROCESS statement which defines the attributes of a Process. The SECURE keyword in the PROCESS statement allows you to perform one or more of the following functions:
- Turn on security when non-secure sessions are the default
- Select the protocol (SSL or TLS) when non-secure sessions are the default
- Specify one or more cipher suites to override the default cipher suites defined in the IBM Connect:Direct Secure Plus parameter file
- Turn off security when secure sessions are the default (if OVERRIDE=Y is specified in the Remote Node record settings in the IBM Connect:Direct Secure Plus parameter file).
- Encrypt only the control block information contained in Function Management Headers (FMHs), such as a user ID, password, and filename. (The default is to encrypt both the control block information and the data being transferred.)
Note: If System SSL is in FIPS mode, TLS is the only supported protocol. See Planning for System SSL in FIPS Mode.
Warning: The use of TCPNAME in PROCESS is not supported when Secure+ is used. If this value is specified like the following example: the process can either fail, or not use Secure+:
The following syntax example shows the options available for the SECURE keyword:
SECURE=OFF|SSL|TLS|TLS11|TLS12|TLS13 or SECURE=ENCRYPT.DATA=Y|N or SECURE = (OFF|SSL|TLS|TLS11|TLS12|TLS13, ENCRYPT.DATA=Y|N) or SECURE = (OFF|SSL|TLS|TLS11|TLS12|TLS13,<cipher_suite>|(cipher_suite_list),ENCRYPT.DATA=Y|N)
If you use multiple SECURE subparameters, ENCRYPT.DATA must be the last (or only) value specified on the SECURE= parameter.
- Secure=(Encrypt.Data = Y|N) will be ignored by process and process steps even if user provides multiple SECURE subparameters. Also, it will issue separate information message (CSPA051I) for Secure=Encrypt.Data=Y|N.