Returned parameters

If the command executes successfully, CS Linux returns the following parameters:

Parameter name            Type         Length
default_record            constant
client_address            character    256
client_port               decimal
cli_ssl_enabled           constant
cli_conn_security_level   constant
cli_conn_cert_key_label   character    80
host_address              character    255
host_port                 decimal
host_ssl_enabled          constant
serv_conn_security_level  constant
serv_conn_cert_key_label  character    80
description               character    31

The following parameters are returned for each client entry:

default_record
Specifies whether this entry is the default record. Possible values are:
YES
This entry is the default record. The client_address parameter is not used.
NO
This entry is a TN Redirector record for a specified client.
client_address
The TCP/IP address of the Telnet client. This can be any of the following.
  • An IPv4 dotted-decimal address (such as 193.1.11.100).
  • An IPv6 colon-hexadecimal address (such as 2001:0db8:0000:0000:0000:0000:1428:57ab or 2001:db8::1428:57ab).
  • A name (such as newbox.this.co.uk).
  • An alias (such as newbox).
client_port
The number of the TCP/IP port that the Telnet client uses to access the TN server node.
cli_ssl_enabled
Indicates whether the client uses Secure Sockets Layer (SSL) to access TN Redirector. Possible values are:
NO
The client does not use SSL.
YES
The client uses SSL.
YES_WITH_CLI_AUTH
The client uses SSL, and the TN Redirector requires it to use client authentication. The client must send a valid certificate (information identifying it as a valid client authorized to use the TN Redirector).

As well as checking that the certificate is valid, the TN Redirector may also need to check the certificate against a certificate revocation list on an external LDAP server, to ensure that the user's authorization has not been revoked. In this case, you also need to use define_tn3270_ssl_ldap to specify how to access this server.

cli_conn_security_level
Indicates the SSL security level required for the client connection on this session. The session will use the highest security level that both client and server can support; if the client cannot support the requested level of security or higher, the session will not be started.

If the cli_ssl_enabled parameter is set to NO, this parameter is not used.

Possible values are:

SSL_AUTHENTICATE_MIN
Certificates must be exchanged; encryption is not required (but can be used if the client requests it).
SSL_AUTHENTICATE_ONLY
Certificates must be exchanged, but encryption will not be used. This option is typically used to avoid the overhead of encryption when the client is connecting across a secure intranet.
SSL_40_BIT_MIN
Use at least 40-bit encryption.
SSL_56_BIT_MIN
Use at least 56-bit encryption.
SSL_128_BIT_MIN
Use at least 128-bit encryption.
SSL_168_BIT_MIN
Use at least 168-bit encryption.
SSL_256_BIT_MIN
Use at least 256-bit encryption.
Note:

Using encryption requires additional software to be installed with CS Linux; see IBM Communications Server for Data Center Deployment on Linux Quick Beginnings for more information. Depending on your location, you may not be able to use all the encryption levels listed because the software required to support them is not available in your country.

cli_conn_cert_key_label
The label identifying a certificate and key pair for use with SSL on the client session. This must match a label specified when the SSL keyring database was set up; see IBM Communications Server for Data Center Deployment on Linux Quick Beginnings for more information.

If the cli_ssl_enabled parameter is set to NO, this parameter is not used.

If this parameter is not specified, this indicates that the session uses the default SSL certificate and key pair, specified when the SSL keyring database was set up.

host_address
The TCP/IP address of the host computer with which the client communicates. This can be specified as any of the following.
  • An IPv4 dotted-decimal address (such as 193.1.11.100).
  • An IPv6 colon-hexadecimal address (such as 2001:0db8:0000:0000:0000:0000:1428:57ab or 2001:db8::1428:57ab).
  • A name (such as newbox.this.co.uk).
  • An alias (such as newbox).
host_port
The number of the TCP/IP port that the TN Redirector node uses to access the host.
host_ssl_enabled
Indicates whether the TN Redirector uses Secure Sockets Layer (SSL) to access the host on behalf of this client. Possible values are:
NO
The host does not use SSL.
YES
The host uses SSL.
serv_conn_security_level
Indicates the SSL security level required for the host connection on this session. The session will use the highest security level that both host and server can support; if the host cannot support the requested level of security or higher, the session will not be started.

If the host_ssl_enabled parameter is set to NO, this parameter is not used.

Possible values are:

SSL_AUTHENTICATE_MIN
Certificates must be exchanged; encryption is not required (but can be used if the host requests it).
SSL_AUTHENTICATE_ONLY
Certificates must be exchanged, but encryption will not be used. This option is typically used to avoid the overhead of encryption when the host connection is across a secure intranet.
SSL_40_BIT_MIN
Use at least 40-bit encryption.
SSL_56_BIT_MIN
Use at least 56-bit encryption.
SSL_128_BIT_MIN
Use at least 128-bit encryption.
SSL_168_BIT_MIN
Use at least 168-bit encryption.
SSL_256_BIT_MIN
Use at least 256-bit encryption.
Note:

Using encryption requires additional software to be installed with CS Linux; see IBM Communications Server for Data Center Deployment on Linux Quick Beginnings for more information. Depending on your location, you may not be able to use all the encryption levels listed because the software required to support them is not available in your country.

serv_conn_cert_key_label
The label identifying a certificate and key pair for use with SSL on the host session. This must match a label specified when the SSL keyring database was set up; see IBM Communications Server for Data Center Deployment on Linux Quick Beginnings for more information.

If the host_ssl_enabled parameter is set to NO, this parameter is not used.

If this parameter is not specified, this indicates that the session uses the default SSL certificate and key pair, specified when the SSL keyring database was set up.

description
An optional string describing the client.