Security functions

You can use Application Transparent Transport Layer Security (AT-TLS) with Start of change SMC End of change with no restriction. The negotiation of AT-TLS support for a TCP connection takes place after the SMC rendezvous exchange, and after that the encryption and decryption of the data occur as normal.

Generally, security functions that require TCP/IP to examine TCP packets cannot be used with Start of change SMC End of change communications because data that is sent over SMC links is not converted into TCP packets. The following security functions do not interoperate with SMC:

IPSec when the TCP connection requires tunneling
IP filters when the filter would deny a packet for the TCP connection
Multilevel security when the connection requires packet tagging (that is, when the source and destination zones are both SYSMULTI)

All of the above functions can be activated dynamically through profile changes, with the expectation that the change applies to current active TCP connections. If TCP connections are currently traversing Start of change SMC End of change links when such a profile change is made, then the stack stops the TCP connections that are not compatible with the new security profiles.