SECURE_SESSION_REUSE (FTP client and server) statement
Use the SECURE_SESSION_REUSE statement to specify whether the FTP client and server require session reuse when SSL/TLS is used to protect the connections.
- Server
- Specifies whether the server requires session reuse when SSL/TLS is used to protect the connections.
- Client
- Specifies whether the client requires session reuse when SSL/TLS is used to protect the connections.
Syntax
Parameters
- ALLOWED
- Specifies that reusing the SSL session ID of either the control connection or a previous data connection on subsequent data connections within an FTP session is enabled. The FTP client and server reuse the session ID of the control connection when the FTP client and server perform the SSL handshake for subsequent data connections. If the session ID of the control connection cannot be reused, a full SSL handshake is used for the current data connection. The FTP client and server reuse the session ID of the current data connection on subsequent data connections.
- REQUIRED
- Specifies that reusing the SSL session ID of the control connection on subsequent data connections within an FTP session is required. The FTP client and server must reuse the session ID of the control connection when the FTP client and server perform the SSL handshake for subsequent data connections. If the session ID of the control connection cannot be reused, the SSL handshake for the data connection fails.
- NONE
- Specifies that reusing the SSL session ID of either the control connection or a previous data connection on the subsequent data connections within an FTP session is not enabled.
Note: This parameter applies to the FTP client only. The FTP server always reuses the SSL session ID of either the control connection or a previous data connection on subsequent data connections. Specifying NONE on the server is regarded as a syntax error and the default value of ALLOWED is used.
Examples
To enable session reuse for the client when SSL/TLS is used to protect the connections, code the following statement:
SECURE_SESSION_REUSE ALLOWED
To require session reuse for the server when SSL/TLS is used to protect the connections, code the following statement:
SECURE_SESSION_REUSE REQUIRED
Usage notes
- For FTP client and server, if the control connection SSL session is not reused because of a small cache size or timeout value, the following situations might occur:
- Long-running jobs with a large number of data connections might fail during one SSL data connection setup.
- Long-running SSL data connections for big data transfers might fail during the SSL renegotiation.
- For FTP client and server, if the SECURE_SESSION_REUSE value is set to REQUIRED and the remote side does not support reusing the session ID, data connections and FTP transfers will fail.
- You can control the SSL cache timeout value in FTP.
- When you use the TLSMECHANISM statement with the ATTLS parameter specified, the GSK_V3_SESSION_TIMEOUT statement in the relevant TTLSGskAdvancedParms statement configures how long SSL sessions remain in the cache. For the FTP client, if the SECURE_SESSION_REUSE value is set to ALLOWED or REQUIRED, the GSK_V3_SESSION_TIMEOUT value must not be 0; otherwise, the SSL handshake fails. For the FTP server, if the SECURE_SESSION_REUSE value is set to ALLOWED, the GSK_V3_SESSION_TIMEOUT value cannot be 0; otherwise, an SSL session might not be cached and then reused. If the SECURE_SESSION_REUSE value is set to REQUIRED, the GSK_V3_SESSION_TIMEOUT value must not be 0; otherwise, the SSL handshake fails.
- When you use the TLSMECHANISM statement with the FTP parameter specified, the TLSTIMEOUT statement in the FTP.DATA file configures how long SSL sessions remain in the cache. For the FTP client, if the SECURE_SESSION_REUSE value is set to ALLOWED or REQUIRED, the TLSTIMEOUT value must not be 0; otherwise, the SSL handshake fails. For the FTP server, if the SECURE_SESSION_REUSE value is set to ALLOWED, the TLSTIMEOUT value cannot be 0; otherwise, an SSL session might not be cached and then reused. If the SECURE_SESSION_REUSE value is set to REQUIRED, the TLSTIMEOUT value must not be 0; otherwise, the SSL handshake fails.
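The timeout rules in the usage notes can be checked before an FTP.DATA file is deployed. The following Python sketch is an added example, not IBM-supplied code. It assumes one "KEYWORD value" statement per line with ";" starting a comment, and it evaluates only statements that are explicitly coded; the function names and the sample file are constructed for illustration.

```python
# Added example: lint FTP.DATA text against the usage notes on this page.
# Assumptions: "KEYWORD value" per line, ";" starts a comment, and only
# statements that are explicitly coded are evaluated (no defaults assumed).

def parse_ftp_data(text):
    """Return {KEYWORD: value} for the statements found in FTP.DATA text."""
    stmts = {}
    for line in text.splitlines():
        parts = line.split(";", 1)[0].split()
        if len(parts) >= 2:
            stmts[parts[0].upper()] = parts[1].upper()
    return stmts

def check_session_reuse(text, role):
    """role is 'client' or 'server'; returns a list of finding strings."""
    s = parse_ftp_data(text)
    reuse = s.get("SECURE_SESSION_REUSE")
    findings = []
    if reuse is None:
        return findings
    if reuse not in ("ALLOWED", "REQUIRED", "NONE"):
        return [f"unknown SECURE_SESSION_REUSE value {reuse}"]
    if role == "server" and reuse == "NONE":
        findings.append("NONE is a syntax error on the server; ALLOWED is used")
        reuse = "ALLOWED"
    if reuse == "NONE":
        return findings
    mech = s.get("TLSMECHANISM")
    if mech == "ATTLS":
        # The cache timeout lives in the AT-TLS policy, outside FTP.DATA.
        findings.append("ATTLS: verify GSK_V3_SESSION_TIMEOUT is not 0 "
                        "in TTLSGskAdvancedParms")
    elif mech == "FTP" and s.get("TLSTIMEOUT") == "0":
        if role == "server" and reuse == "ALLOWED":
            findings.append("TLSTIMEOUT 0: sessions might not be cached and reused")
        else:
            findings.append("TLSTIMEOUT 0: SSL handshake fails")
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = """\
TLSMECHANISM FTP              ; FTP does its own TLS
TLSTIMEOUT 0                  ; cache timeout disabled
SECURE_SESSION_REUSE REQUIRED ; require reuse
"""

if __name__ == "__main__":
    for finding in check_session_reuse(SAMPLE, "server"):
        print(finding)
```

Run the check once with the role set to client and once with the role set to server, because the same TLSTIMEOUT value has different consequences on each side when the value is ALLOWED.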
Related topics
- SECURE_FTP (FTP client and server) statement.
- SECURE_MECHANISM (FTP client) statement.
- EXTENSIONS (FTP client and server) statement.
- TLSTIMEOUT (FTP client and server) statement.
- See z/OS Communications Server: IP User's Guide and Commands for more information about the FTP command and the FTP environment.
- See z/OS Communications Server: IP Configuration Guide for more information about customizing TLS and Kerberos and SSL/TLS.
