Remote Node Security Feature Definition Worksheet

Record the security feature definitions for a remote node record on this worksheet. Make a copy of this worksheet for each remote node defined in the Connect:Direct® Secure Plus parameter file that you are configuring for IBM Connect:Direct Secure Plus operations. Refer to this worksheet when you configure a remote node record.

Remote Node Name: ________________________________________________
Security Options  
TLS protocol enabled:
Note: With the version 6.4 release, the older protocols SSL, TLS 1.0, and TLS 1.1 are deprecated and are no longer available for selection.
Yes _____ No ______

TLS 1.0 ___ TLS 1.1 ___ TLS 1.2 ___ TLS 1.3 ___

SSL protocol enabled: Yes _____ No ______
Enable Override:

When override is enabled in a remote node record, values in the PROCESS statement override values in the remote node record that uses either protocol.

Yes _____ No ______ Default to local node ______
Encryption enabled (Deprecated): Yes _____ No ______
Enable External Authentication:

Valid only for SSL or TLS

Yes _____ No ______ Default to local node ______
TLS or SSL Protocol Functions  
If you enabled the TLS or SSL protocol and you did not define this information in the local node record, set one or more of the following functions:  
Certificate Label:

Label specified when the certificate was generated using one of the security applications; may be called LABLCERT.

________________________________________________

You can type an asterisk (*) to default to the local node record.

Cipher Suite(s) Enabled: ________________________________________________
Ask the trading partner which cipher suites are enabled. Circle all applicable cipher suites.  
  • SSL_RSA_WITH_AES_128_SHA
  • SSL_RSA_WITH_AES_256_SHA
  • SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_WITH_DES_CBC_SHA
  • SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  • SSL_RSA_WITH_RC4_40_SHA
  • SSL_RSA_WITH_RC4_128_MD5
  • SSL_RSA_EXPORT_WITH_RC4_40_MD5
  • SSL_RSA_WITH_NULL_SHA
  • SSL_RSA_WITH_NULL_MD5
  • TLS_RSA_WITH_AES_128_SHA
  • TLS_RSA_WITH_AES_256_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_DES_CBC_SHA
  • TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  • TLS_RSA_WITH_RC4_40_SHA
  • TLS_RSA_WITH_RC4_128_MD5
  • TLS_RSA_EXPORT_WITH_RC4_40_MD5
  • TLS_RSA_WITH_NULL_SHA
  • TLS_RSA_WITH_NULL_MD5
    Note: For a complete list of ciphers, see Secure Cipher Suite.
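
The list above mixes AES suites with NULL, export-grade, RC2/RC4 and DES suites, so it helps to triage the names before circling any. The following is an added example, not part of the IBM documentation: the function names and the sample text are constructed here, and the weakness reasons are general TLS knowledge rather than Connect:Direct guidance.

```python
import re

# Parts of a suite name that disqualify it, with the reason (general TLS
# knowledge, not IBM guidance).
WEAK = [
    (r"_NULL_", "no encryption, integrity only"),
    (r"_EXPORT_|_40_", "export-grade 40-bit key"),
    (r"_RC4_|_RC2_", "RC4/RC2 are broken ciphers"),
    (r"_3DES_", "64-bit block cipher (Sweet32)"),
    (r"_DES_", "56-bit single DES"),
    (r"_MD5$", "MD5-based MAC"),
]

# Constructed sample: suite names copied from the worksheet list, including
# two lines with transcription damage (stray space, "(or TLS_)" residue).
WORKSHEET = """
  • SSL_RSA_WITH_AES_128_SHA
  • SSL_ RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_WITH_DES_CBC_SHA
  • SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  • SSL_RSA_WITH_RC4_128_MD5
  • SSL_RSA_WITH_NULL_SHA
  • TLS_RSA_WITH_AES_256_SHA
  • TLS_(or TLS_) RSA_WITH_3DES_EDE_CBC_SHA
"""

def normalize(line):
    """Drop the bullet, the '(or TLS_)' residue and stray spaces."""
    line = re.sub(r"\(or\s+\w+\)", "", line)
    return re.sub(r"[^A-Za-z0-9_]", "", line).upper()

def classify(name):
    """Return (verdict, reasons) for one normalized suite name."""
    reasons = [why for pat, why in WEAK if re.search(pat, name)]
    if reasons:
        return "reject", reasons
    if "_RSA_WITH_" in name:
        # Static RSA key exchange: usable, but without forward secrecy.
        return "review", ["static RSA key exchange, no forward secrecy"]
    return "unknown", []

def triage(text):
    """Map each suite named in the worksheet text to its verdict."""
    names = [normalize(l) for l in text.splitlines() if l.strip()]
    return {n: classify(n) for n in names}

if __name__ == "__main__":
    for name, (verdict, reasons) in triage(WORKSHEET).items():
        print(f"{verdict:7} {name}: {'; '.join(reasons)}")
```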
Certificate Pathname

key database or key ring

________________________________________________

You can type an asterisk (*) to default to the local node record.

To add a second level of security by enabling Client Authentication, set the following two options:  
Enable Client Authentication: Yes _____ No ______
If client authentication is enabled, specify the certificate common name of the local node certificate in the Client Auth. Compare field. _______________________________________________