TTLSEnvironmentAdvancedParms statement

Use the TTLSEnvironmentAdvancedParms statement to specify advanced attributes for an AT-TLS environment.

Syntax

Read syntax diagramSkip visual syntax diagramTTLSEnvironmentAdvancedParmsnamePut Braces and Parameters on Separate Lines
Put Braces and Parameters on Separate Lines
Read syntax diagramSkip visual syntax diagram{TTLSEnvironmentAdvancedParms Parameters}
TTLSEnvironmentAdvancedParms Parameters
Read syntax diagramSkip visual syntax diagramSSLv2 OffSSLv2OnOffSSLv3 OffSSLv3OnOffTLSv1 On1TLSv1OnOffTLSv1.1 On1TLSv1.1OnOffTLSv1.2 OffTLSv1.2OnOffTLSv1.3 OffTLSv1.3OnOffMiddleBoxCompatMode OffMiddleBoxCompatModeOnOffApplicationControlled OffApplicationControlledOnOffHandshakeTimeout 10HandshakeTimeout  nResetCipherTimer 0ResetCipherTimer  nRenegotiationDefaultRenegotiationDisabledAllAbbreviatedRenegotiationIndicatorOptionalRenegotiationIndicatorClientServerBothRenegotiationCertCheckOffRenegotiationCertCheckOnCertificateLabel  valueServerCertificateLabel valueClientAuthTypeRequiredClientAuthTypePassThruFullRequiredSAFCheckSecondaryMapOnOffTruncatedHMAC OffTruncatedHMACRequiredOptionalOffCertValidationMode AnyCertValidationModeAnyRFC2459RFC3280RFC5280ClientMaxSSLFragment OffClientMaxSSLFragmentRequiredOptionalClientMaxSSLFragmentLength512102420484096ClientMaxSSLFragment OffServerMaxSSLFragment OffServerMaxSSLFragmentRequiredOptionalOffClientHandshakeSNI OffClientHandshakeSNIRequiredOptionalClientHandshakeSNIMatchRequiredOptionalClientHandshakeSNIListvalueClientHandshakeSNI OffServerHandshakeSNI OffServerHandshakeSNIRequiredOptionalServerHandshakeSNIMatchRequiredOptionalServerHandshakeSNIListvalueServerHandshakeSNI Off3DesKeyCheck Off3DesKeyCheckOnOffClientEDHGroupSize LegacyClientEDHGroupSize2048LegacyServerEDHGroupSize LegacyServerEDHGroupSize2048LegacyMatchPeerMinCertVersion AnyPeerMinCertVersion3AnyPeerMinDHKeySize 1024PeerMinDHKeySize  nPeerMinDsaKeySize 1024PeerMinDsaKeySize  nPeerMinECCKeySize 192PeerMinECCKeySize  nPeerMinRsaKeySize 1024PeerMinRsaKeySize  nServerScsv OffServerScsvOnOffClientExtendedMasterSecretOnClientExtendedMasterSecretOnOffRequiredServerExtendedMasterSecretOnServerExtendedMasterSecretOnOffRequiredHostReferenceIdDNS nameHostReferenceIdCN nameHostRefWildcardValidationOnOff
Notes:
  • 1 When you specify TLSv1.3 as On, the default values for TLSv1 and TLSv1.1 are Off. Otherwise, the default values for TLSv1 and TLSv1.1 are On.

Parameters

name
A string 1 - 32 characters in length specifying the name of this TTLSEnvironmentAdvancedParms statement.

Rule: If this TTLSEnvironmentAdvancedParms statement is not specified inline within another statement, a name value must be provided. If a name value is not specified for an inlineTTLSEnvironmentAdvancedParms statement, a nonpersistent system name is created.

3DesKeyCheck
Specifies that when Triple DES session key are generated, each key part must be unique. For System SSL, the GSK_3DES_KEYCHECK is set to this value. Valid values are:
Off
When operating in non-FIPS mode the key parts are not compared for uniqueness. Key uniqueness is always enforced in FIPS mode. This is the default.
On
Key parts are compared for uniqueness.
ApplicationControlled
Specifies whether the application can control AT-TLS security for a connection. Valid values are:
Off
An application cannot control AT-TLS security. The connection automatically negotiates AT-TLS security. This is the default.
On
An application can control AT-TLS security. AT-TLS security is used only when requested by the application, using the SIOCTTLSCTL ioctl.
CertificateLabel
Specifies the label of the certificate to be used for authentication. Valid values are in the range 1 - 127 characters in length. For System SSL, the GSK_KEYRING_LABEL value is set to this value.
Rule: Comment indicators and embedded blanks are treated as part of the value for this attribute. For example:
CertificateLabel  Root#CA  Certificate
value used:   Root#CA  Certificate    

Restriction: When the value contains embedded blanks, you must specify the entire value within the first 1 536 characters of the configuration file line.

CertValidationMode
Specifies the method of certificate validation. For System SSL, the GSK_CERT_VALIDATION_MODE value is set to this value. Possible values are:
Any
Specifies that certificate validation can use any supported X.509 certificate validation method. This is the default.
RFC2459
Specifies that certificates are validated by using the method described in RFC 2459.
RFC3280
Specifies that certificates are validated by using the method described in RFC 3280.
RFC5280
Specifies that certificates are validated by using the method described in RFC 5280.
Results: If 128-bit minimum or 192-bit minimum Suite B profiles are configured, the CertValidationMode setting is ignored and the certificate validation method described in RFC 5280 and RFC 5759 is used.
ClientAuthType
Specifies the type of client certificate validation to be performed for connections in this AT-TLS environment. Client certificates are requested only if HandshakeRole is set to ServerWithClientAuth. Valid values are:
PassThru
Bypasses client certificate validation.
Full
Performs client certificate validation if the client presents a certificate.
Required
Requires the client to present a certificate and performs client certificate validation. This is the default.
SAFCheck
Requires the client to present a certificate, performs client certificate validation and requires the client certificate to have an associated user ID defined to the security product.
ClientEDHGroupSize
Specifies the minimum accepted server Diffie-Hellman group size allowed for an ephemeral Diffie-Hellman key exchange message when AT-TLS is the TLS client. For System SSL, GSK_CLIENT_EPHEMERAL_DH_GROUP_SIZE is set to this value. Valid values are:
Legacy
Enforce minimum group size of 1024 for each new server handshake in non-FIPS mode and group size of 2048 when operating in FIPS mode. This is the default.
2048
Enforce minimum group size of 2048 for each new server handshake.
ClientExtendedMasterSecret
Specifies whether the TLS client supports the extended master secret (EMS) computation for TLSv1.0, TLSv1.1 and TLSv1.2 negotiations. This support is negotiated by the client and server. When the TLS client supports the EMS computation, it will include the EMS extension on the Client Hello message if TLSv1.0, TLSv1.1, or TLSv1.2 is enabled. If the server also supports the EMS computation, it will include the EMS extension on the Server Hello message for a TLSv1.0, TLSv1.1, or TLSv1.2 negotiation. The EMS extension is defined by RFC 7627.

Possible values are:

On
Specifies that the TLS client (when enabled for TLSv1.0, TLSv1.1, or TLSv1.2) will send an EMS extension to the server. If the server responds with an EMS extension for a TLSv1.0, TLSv1.1, or TLSv1.2 handshake, the EMS computation will be used. If the server does not send an EMS extension the handshake can still succeed but the standard master secret derivation is used. This is the default.
Required
Specifies that the TLS client (when enabled for TLSv1.0, TLSv1.1, or TLSv1.2) will send an EMS extension to the server and requires that the server respond with an EMS extension for a TLSv1.0, TLSv1.1, or TLSv1.2 handshake. If the server does not indicate support by sending the EMS extension, the handshake fails.
Off
Specifies that the TLS client (when enabled for TLSv1.0, TLSv1.1, or TLSv1.2) will not send the EMS extension to the server during the handshake.
ClientHandshakeSNI
For TLSv1.0 protocol and later, this keyword specifies whether a client can specify a list of server names. The server chooses a certificate based on that server name list for this connection. For System SSL, the extension ID is set to GSK_TLS_SET_SNI_CLIENT_SNAMES and a flag is set in the gsk_tls_extension structure if it is required. Valid values are:
Required
Specifies that server name indication support must be accepted by the server. Connections fail if the server does not support server name indication.

Tip: When you specify ClientHandshakeSNI as required, specify SSLv3 as Off.

Optional
Specifies that server name indication negotiation is supported, but allows connections with servers that do not support server name indication negotiation.
Off
Specifies that server name indication is not supported. The function is not enabled. Connections fail if the server requires support for server name indication. This is the default.
ClientHandshakeSNIMatch
Code this parameter if ClientHandshakeSNI is set to Required or Optional. For system SSL, a flag is set in the gsk_sni_client_snames structure if a match is required. Possible values are:
Required
Specifies that a server name in the list of server names provided by the TLS client must match a server name in the list of server names and certificate labels on the TLS server. The connection ends if no match was found for the server name at the server.
Optional
Specifies that connections can continue if no match is found for the server name.
ClientHandshakeSNIList
For SSL clients using TLSv1.0 protocol and later, this keyword specifies a server name. You can code multiple ClientHandshakeSNIList statements. The list of server names is passed to the server in the SSL handshake. For System SSL, the server names are anchored in the gsk_sni_client_snames structure. A server name can be 1 - 255 characters in length. This parameter is required when ClientHandshakeSNI is set to Required or Optional.

Restriction: The total length of all the server names specified must be less than 32K.

ClientMaxSSLFragment
For TLSv1.0 protocol and later, this keyword specifies whether maximum SSL fragment function is supported when AT-TLS is the TLS client on the connection. For System SSL, the extension ID is set to GSK_TLS_SET_CLIENT_MFL and a flag is set in the gsk_tls_extension structure if it is required. Possible values are:
Required
Specifies that maximum SSL fragment function support must be accepted by the server. Connections fail if the server does not support maximum SSL fragment function.

Tip: When you specify ClientMaxSSLFragment as Required, specify SSLv3 as Off.

Optional
Specifies support for maximum SSL fragment function negotiation, but allows connections with servers that do not support maximum SSL fragment function.
Off
Specifies that maximum SSL fragment function negotiation is not supported. The function is not enabled. Connections fail if the server requires support for maximum SSL fragment function. This is the default.
ClientMaxSSLFragmentLength
For TLSv1.0 protocol and later, this value specifies maximum SSL fragment function, in bytes, to request on the connection when AT-TLS is the TLS client using TLSv1.0 and TLSv1.1 protocols. The valid values are 512, 1024, 2048, and 4096. For System SSL, the maximum fragment length is set to GSK_TLS_MFL_512, GSK_TLS_MFL_1024, GSK_TLS_MFL_2048, or GSK_TLS_MFL_4096. This parameter is required when ClientMaxSSLFragment is set to Required or Optional.
HandshakeTimeout
Specifies the number of seconds to wait for the initial handshake to complete. Valid values of n are in the range 0 - 600. The default value is 10.

For connections with the HandshakeRole parameter set to Client, the timer is initially set to 5 times the value of n, allowing for network delay and any delay on the server in processing the connection. When the initial response is received from the server, the timer is set again for n seconds, to allow the initial handshake to complete.

For connections with that HandshakeRole parameter set to Server or ServerWithClientAuth, when the server starts to process the new connection the timer is set to n seconds, waiting for the initial request from the client. The timer is reset to n seconds when the server sends the initial response, to allow the initial handshake to complete.

If the timer expires, the TCP connection is reset. A value of 0 indicates that the connection does not time out waiting for the initial handshake to complete.

For TELNET connections a non-zero value is required.

Start of changeHostReferenceIdDNSEnd of change
Start of changeSpecifies a fully qualified DNS domain name for use in domain-based server certificate validation (with comparison logic defined by RFC 6125). As part of an SSL/TLS session negotiation, the client can verify that the received server certificate contains a Subject Alternative Name (SAN) extension with a DNS name that matches a reference value. A list of reference values is provided by specifying the HostReferenceIdDNS parameter one or more times for the client rule.

The name value should be a fully qualified domain name containing at least 3 labels, for example abc.example.com. It is not case sensitive.

If the HostReferenceIdDNS parameter is specified more than once, a comma-separated list of names is created. For System SSL, the GSK_REFERENCE_ID_DNS value is set to the comma-separated list of names.

If neither HostReferenceIdDNS nor HostReferenceIdCN is configured, domain-based server certificate validation is not done.

Restrictions:
  • The maximum length of the comma-separated list provided to System SSL is 16384.
  • The maximum length of a single name is 300.
  • The name cannot contain an asterisk.
End of change
Start of changeHostReferenceIdCNEnd of change
Start of changeSpecifies a fully qualified DNS domain name for use in domain-based server certificate validation (as defined by RFC 6125). As part of an SSL/TLS session negotiation, the client can verify that the received server certificate contains a subject DN common name with a DNS name that matches a reference value. A list of reference values is provided by specifying the HostReferenceIdCN parameter one or more times for the client rule.

The name value should be a fully qualified domain name containing at least 3 labels, for example abc.example.com. It is not case sensitive.

If the HostReferenceIdCN parameter is specified more than once, a comma-separated list of names is created. For System SSL, the GSK_REFERENCE_ID_CN value is set to the comma-separated list of names.

If neither HostReferenceIdDNS nor HostReferenceIdCN is configured, domain-based server certificate validation is not done.

Restrictions:
  • The maximum length of the comma-separated list provided to System SSL is 16384.
  • The maximum length of a single name is 300.
  • The name cannot contain an asterisk.
  • If the server certificate contains a Subject Alternative Name (SAN) extension with a DNS domain name, the HostReferenceIdDNS parameter must be used for domain-based server certificate validation. The Host ReferenceIdCN is provided for use with legacy certificates that do not include a SAN with a DNS domain name.
End of change
Start of changeHostRefWildcardValidationEnd of change
Start of changeSpecifies whether domain-based server certificate validation (with comparison logic defined by RFC 6125) is allowed when the DNS domain name from the certificate contains a wildcard ("*") in the first label of the DNS domain name. The DNS domain name could be from a Subject Alternative Name (SAN) extension or from the DN common name. For System SSL, GSK_WILDCARD_VALIDATION_ENABLE is set to this value.
Off
Domain-based server certificate validation will fail if the server certificate contains a wildcard value in the DNS domain name.
On
Domain-based server certificate validation is allowed for a server certificate that contains a wildcard in the first label of the DNS domain name.
Restrictions:
  • Validation will fail if a wildcard is found in any label of the DNS domain name other than the first or if the wildcard is the only character.
  • The wildcard character will not be matched to more than one label.
End of change
MiddleBoxCompatMode
Specifies whether the TLSv1.3 handshake process should use or tolerate handshake messages in a manner compliant with earlier TLS protocols to alleviate possible issues with middle boxes or proxies. For System SSL, the GSK_MIDDLEBOX_COMPAT_MODE value is set to this value. Possible values are:
On
For a TLSv1.3 handshake, send handshake messages in a manner compliant with earlier TLS protocols.
Off
For a TLSv1.3 handshake, use the TLSv1.3 handshake format. This is the default.
Tip: RFC 8446 reports that a number of middleboxes were found to drop TLSv1.3 handshake messages. Using the compatibility mode increases the chance of a successful negotiation since the TLSv1.3 handshake will use handshake messages in a manner compliant with earlier TLS protocols.
PeerMinCertVersion
Specifies a minimum X.509 version level for the partner's end-entity certificate. For System SSL, GSK_PEER_CERT_MIN_VERSION is set to this value. Valid values are:
Any
Any supported X.509 version supported by System SSL. This is the default.
3
The minimum X.509 version is version 3.
Result: If the negotiated protocol is TLSv1.3, it requires a X.509 version 3 certificate. This parameter is ignored.
PeerMinDHKeySize
Specifies the minimum allowed X.509 certificate Diffie-Hellman key size for a peer end-entity certificate. For System SSL, GSK_PEER_DH_MIN_KEY_SIZE is set to this value. Valid values are 0 - 2048. Any value specified that does not equal a supported key size increment will set the minimum key size to the next highest increment. The default value is 1024. In FIPS mode, setting can be used to enforce stronger DH key sizes than the default defined by FIPS mode.
PeerMinDsaKeySize
Specifies the minimum allowed X.509 certificate DSA key size for a peer end-entity certificate. For System SSL, GSK_PEER_DSA_MIN_KEY_SIZE is set to this value. Valid values are 0 - 2048. Any value specified that does not equal a supported key size increment will set the minimum key size to the next highest increment. The default value is 1024. In FIPS mode, setting can be used to enforce stronger DSA key sizes than the default defined by FIPS mode.
PeerMinECCKeySize
Specifies the minimum allowed X.509 certificate ECC key size for a peer end-entity certificate. For System SSL, GSK_PEER_ECC_MIN_KEY_SIZE is set to this value. Valid values are 0 - 521. Any value specified that does not equal a supported key size increment will set the minimum key size to the next highest increment. The default value is 192. In FIPS mode, setting can be used to enforce stronger ECC key sizes than the default defined by FIPS mode.
PeerMinRsaKeySize
Specifies the minimum allowed X.509 certificate RSA key size for a peer end-entity certificate. For System SSL, GSK_PEER_RSA_MIN_KEY_SIZE is set to this value. Valid values are 0 - 4096. Any value specified that does not equal a supported key size increment will set the minimum key size to the next highest increment. The default value is 1024. In FIPS mode, setting can be used to enforce stronger RSA key sizes than the default defined by FIPS mode.
ResetCipherTimer
Specifies the number of minutes a secure connection can be active before a new session key is generated for the connection. AT-TLS initiates a key update on the next read or write after the timer expires. For System SSL, the GSK_RESET_CIPHER function is used to initiate this.
For SSLv3, TLSv1.0, TLSv1.1, or TLSv1.2: A handshake is initiated on the next read or write after the timer expires. If the session ID has expired (controlled by the GSK_V3_SESSION_TIMEOUT statement), a full handshake is performed. Otherwise, a short handshake is performed.
For TLSv1.3 and later: A Key Update message is sent to the peer. The peer is also requested to change its application write key. The result is that the sender changes its application data write and read keys and the peer should change its corresponding application data read and write keys.
Valid values of n are in the range 0 - 1440. Specifying 0 means that session key refresh is not initiated by AT-TLS for the life of the connection. The default value is 0.
Renegotiation
Specifies the type of session key renegotiation that is allowed. For System SSL, the GSK_RENEGOTIATION value is set. The following values are valid:
Default
GSK_RENEGOTIATION set to NONE. Disables SSL V3 and TLS handshake renegotiation as a server and allows RFC 5746 renegotiation. This is the default.
Disabled
Disables SSL V3 and TLS handshake renegotiation as a server and disables RFC 5746 renegotiation.
All
Allows SSL V3 and TLS handshake renegotiation as a server and allows RFC 5746 renegotiation.
Abbreviated
Allows SSL V3 and TLS abbreviated handshake renegotiation as a server for resuming the current session only, while disabling SSL V3 and TLS full handshake renegotiation as a server. The System SSL session ID cache is not checked when resuming the current session. Allows RFC 5746 renegotiation.
Result: If the negotiated protocol is TLSv1.3, renegotiation is not allowed. This parameter is ignored.
RenegotiationIndicator
Sets the enforcement level of the initial handshake renegotiation indication as RFC 5746 specifies. For System SSL, the GSK_EXTENDED_RENEGOTIATION_INDICATOR value is set to this value. The following values are valid:
Optional
The renegotiation indicator is not required during initial handshake.
Client
Allow the client initial handshake to proceed only when the server indicates support for RFC 5746 renegotiation.
Server
Allow the server initial handshake to proceed only when the client indicates support for RFC 5746 renegotiation.
Both
Allow the client and server initial handshakes to proceed only when the partner indicates support for RFC 5746 renegotiation.
Result: If the negotiated protocol is TLSv1.3, renegotiation is not allowed. This parameter is ignored.
RenegotiationCertCheck
Specifies whether to perform an identity check against the peer's certificate during renegotiation. For System SSL, the GSK_RENEGOTIATION_PEER_CERT_CHECK value is set to this value. Valid values are:
Off
An identity check is not performed. This allows the peer certificate to change during renegotiation.
On
An identity check is performed. This ensures that the peer certificate does not change during renegotiation.
Result: If the negotiated protocol is TLSv1.3, renegotiation is not allowed. This parameter is ignored.
SecondaryMap
Specifies whether the application establishes secondary connections that should use the secondary policy mapping method. When specified in the TTLSEnvironmentAdvancedParms, this statement overrides the value specified in the TTLSGroupAdvancedParms. Valid values are:
Off
A connection that maps to this policy should not be used as a primary connection in the secondary policy mapping method.
On
A connection that maps to this policy should be used as a primary connection in the secondary policy mapping method. Future connections established between the same two IP addresses by the same process that do not map to any policy or map to a policy with a lower priority are considered secondary connections. These secondary connections use the same policy mapped by the associated primary connection.
ServerCertificateLabel
Specifies the label of the certificate for a server application to authenticate the server. A maximum of eight labels may be coded; each requiring a separate ServerCertificateLabel parameter. If multiple ServerCertificateLabel parameters are defined, the order they are defined is also the order of preference. The maximum length of value of the certificate label is 127 characters. The first certificate that meets the protocol/cipher criteria is chosen. For System SSL, the GSK_SERVER_KEYRING_LABEL_LIST is set to a comma-separated list of the values specified for all ServerCertificateLabel parameters.
Rule: Comment indicators and embedded blanks are treated as part of the value for this attribute. For example:
ServerCertificateLabel  Root#CA  Certificate
    value used:   Root#CA  Certificate 

Restriction: When the value contains embedded blanks, you must specify the entire value within the first 1 536 characters of the configuration file line.

Tip: Using multiple certificates of the same key type is not advantageous unless a certificate early in the preference order is expected to expire soon and a certificate later in the order is expected to be the replacement certificate.

ServerExtendedMasterSecret
Specifies whether the TLS server supports the extended master secret (EMS) computation for TLSv1.0, TLSv1.1 and TLSv1.2 negotiations. This support is negotiated by the client and server. When the TLS server supports the EMS computation and receives an EMS extension on the Client Hello message, the server will include the EMS extension on the Server Hello message for a TLSv1.0, TLSv1.1, or TLSv1.2 handshake. The EMS extension is defined by RFC 7627.

Possible values are:

On
Specifies that the TLS server supports both clients that send an EMS extension, and those that do not. This is the default.
Required
Specifies that the TLS server requires that clients send an EMS extension for a TLSv1.0, TLSv1.1, or TLSv1.2 handshake. If the client does not send the EMS extension, the handshake fails.
Off
Specifies that the TLS server does not support the EMS computation. The server will not send an EMS extension for a TLSv1.0, TLSv1.1, or TLSv1.2 handshake, even if it receives one from the client.
ServerHandshakeSNI
For TLSv1.0 protocol and later, this keyword specifies whether a certificate is chosen based on the server name list provided by the TLS client. For System SSL, the extension ID is set to GSK_TLS_SET_SNI_SERVER_SNAMES and a flag is set in the gsk_tls_extension structure if it is required. Possible values are:
Required
Specifies that server name indication support must be accepted by the client. Connections fail if the client does not support server name indication.

Tip: When you specify ServerHandshakeSNI as Required, specify SSLv3 as Off.

Optional
Specifies that server name indication negotiation is supported, but allow connections with clients that do not support server name indication.
Off
Specifies that server name indication is not supported. The function is not enabled. Connections fail if the client requires support for server name indication. This is the default value.
ServerHandshakeSNIMatch
You must code this parameter when ServerHandshakeSNI is set to Required or Optional. For system SSL, a flag is set in the gsk_sni_server_labels structure if a match is required. Possible values are:
Required
Specifies that a server name in the list of server names provided by the TLS client must match a server name in the ServerHandshakeSNIList . The connection ends if no match can be found for the server name.
Optional
Specifies that connections continue if no match is found for the server name.
ServerHandshakeSNIList
For SSL servers using TLSv1.0 protocol and later, this keyword specifies a server name and certificate label pair to be used by the server, separated by a slash (/). Multiple ServerHandshakeSNIList statements can be coded. The server matches the server name provided by the client to a certificate label. For System SSL, the server names and labels are anchored in the gsk_sni_server_labels structure. A server name can be 1 - 255 characters in length. A certificate label can be 1 - 127 characters in length. This parameter is required when ServerHandshakeSNI is set to Required or Optional.
Rule: You can use comment indicators and embedded blanks as part of the certificate label value for this attribute. For example:
ServerHandshakeSNIList myservername/Root#CA Certificate 
value used: myservername/Root#CA Certificate
Restrictions:
  • The total length of all the server names and certificate labels specified must be less than 32K.
  • When the certificate label value contains embedded blanks, you must specify the entire parameter value within the first 1 536 characters of the configuration file line.
ServerMaxSSLFragment
For TLSv1.0 protocol and later, this keyword specifies whether the maximum SSL fragment function is supported when AT-TLS is the TLS server on the connection. For System SSL, the extension ID is set to GSK_TLS_SET_SERVER_MFL and a flag is set in the gsk_tls_extension structure if it is required. Possible values are:
Required
Specifies that maximum SSL fragment function support must be accepted by the client. Connections fail if the client does not support maximum SSL fragment function.

Tip: When you specify ServerMaxSSLFragment as Required, specify SSLv3 as Off.

Optional
Specifies that support is provided for maximum SSL fragment function, but allow connections with clients that do not support maximum SSL fragment function.
Off
Specifies that maximum SSL fragment function is not supported. The function is not enabled. Connections fail if the client requires support for maximum SSL fragment function. This is the default value.
ServerEDHGroupSize
Specifies the minimum server Diffie-Hellman group size allowed for an ephemeral Diffie-Hellman key exchange message when AT-TLS is the TLS server. For System SSL, GSK_SERVER_EPHEMERAL_DH_GROUP_SIZE is set to this value. Valid values are:
Legacy
Utilize minimum group size of 1024 for each new handshake in non-FIPS mode and group size of 2048 when operating in FIPS mode. This is the default.
2048
Utilize minimum group size of 2048 for each new handshake.
Match
Match the ephemeral Diffie-Hellman group to the server certificate's key strength. If the key size is less than or equal to 1024, a group size of 1024 will be used. If the key size is greater than 1024, then a group size of 2048 will be used.
Result: Start of changeWhen a value of Legacy or 2048 is configured, a defined set of Diffie-Hellman parameters is used to generate a unique key. When a value of Match is configured, System SSL generates the Diffie-Hellman parameters that are used to generate a unique key. The additional processing to generate the Diffie-Hellman parameters is done in software and can be CPU-intensive.End of change
ServerScsv
Specifies support for honoring the Signaling Cipher Suite Value (SCSV) when included in the TLS client's cipher list. When the SCSV is specified in the TLS client's cipher list, it indicates that the handshake is a fallback attempt. For System SSL, the GSK_SERVER_FALLBACK_SCSV is set to this value. Valid values are:
Off
Support disabled for the Signaling Cipher Suite Value. This is the default.
On
Support enabled for the Signaling Cipher Suite Value.
SSLv2
Specifies the state of the SSL Version 2 protocol. For System SSL, the GSK_PROTOCOL_SSLV2 value is set to this value. Possible values are:
On
Enables the SSL Version 2 protocol.
Off
Disables the SSL Version 2 protocol. This is the default.
SSLv3
Specifies the state of the SSL Version 3 protocol. For System SSL, the GSK_PROTOCOL_SSLV3 value is set to this value. Possible values are:
On
Enable the SSL Version 3 protocol.
Off
Disable the SSL Version 3 protocol. This is the default.
TLSv1
Specifies the state of the TLS Version 1 protocol. For System SSL, the GSK_PROTOCOL_TLSV1 value is set to this value. Possible values are:
On
Enable the TLS Version 1.0 protocol.
Off
Disable the TLS Version 1.0 protocol.
Result: When you specify TLSv1.3 as On, the default value for TLSv1 is Off. Otherwise, the default value for TLSv1 is On.
TLSv1.1
Specifies the state of the TLS Version 1.1 protocol. For System SSL, the GSK_PROTOCOL_TLSV1_1 value is set to this value. Possible values are:
On
Enable the TLS Version 1.1 protocol.
Off
Disable the TLS Version 1.1 protocol.
Result: When you specify TLSv1.3 as On, the default value for TLSv1.1 is Off. Otherwise, the default value for TLSv1.1 is On.
TLSv1.2
Specifies the state of the TLS Version 1.2 protocol. For System SSL, the GSK_PROTOCOL_TLSV1_2 value is set to this value. Possible values are:
On
Enable the TLS Version 1.2 protocol.
Tip: When you specify TLSv1.2 as On, System SSL will not negotiate SSLv2 sessions even if you specify SSLv2 as On.
Off
Disable the TLS Version 1.2 protocol. This is the default.
TLSv1.3
Specifies the state of the TLS Version 1.3 protocol. For System SSL, the GSK_PROTOCOL_TLSV1_3 value is set to this value. Possible values are:
On
Enable the TLS Version 1.3 protocol.
Tip: When you specify TLSv1.3 as On, System SSL will not negotiate SSLv2 or SSLv3 sessions even if you specify SSLv2 or SSLv3 as On.
Result: When you specify TLSv1.3 as On, the default values for TLSv1 and TLSv1.1 are Off.
Off

Disable the TLS Version 1.3 protocol. This is the default.

Restriction: The FIPS 140-2 standard does not define support for TLSv1.3 or the new cipher suites defined for it. Enabling both the TLSv1.3 protocol and FIPS support results in an error.

Start of changeBe aware that the CPU consumption of the TCP/IP address space will likely increase when you enable TLSv1.3. While TLSv1.3 provides stronger cryptographic protection for your TCP connections, it inherently uses more cryptographic operations and therefore consumes more CPU than TLSv1.2 when using comparable cipher suites and key exchange algorithms. The magnitude of the CPU increase depends on a variety of factors, including the cipher suites you were using under TLSv1.2 (or earlier), the z/OS operating system level (earlier OS versions may not have as many optimizations as later versions), and the level of hardware you are using (earlier versions of hardware may have less cryptographic acceleration than newer versions).End of change

TruncatedHMAC
For protocols TLSv1.0, TLSv1.1, and TLSv1.2 protocol, this keyword specifies whether clients and servers support the use of 80-bit truncated HMACs. For System SSL, the extension ID is set to GSK_TLS_EXTID_TRUNCATED_HMAC and a flag is set in the gsk_tls_extension structure, if it is required. Possible values are:
Required
Specifies that 80-bit truncated HMAC support must be accepted by both endpoints. Connections fail if the remote endpoint does not support the 80-bit truncated HMAC.

Tip: When you specify TruncatedHMAC as Required, specify SSLv3 as Off.

Optional
Specifies that support is provided for 80-bit truncated HMAC negotiation, but connections with endpoints that do not support the truncated 80-bit HMAC are allowed.
Off
Specifies that support is not provided for 80-bit truncated HMAC negotiation. The function is not enabled. Connections fail if the remote endpoint requires support for the 80-bit truncated HMAC. This is the default.
Result: The Truncated HMAC extension is not applicable for algorithms supported for the TLSv1.3 protocol. A server that attempts a TLSv1.3 protocol negotiation will not include the Truncated HMAC extension.