AT-TLS policy configuration

AT-TLS policy is provided to the stack by the Policy Agent. The Policy Agent main configuration file contains a TcpImage statement for each stack that is to receive policy, and can optionally contain a CommonTTLSConfig statement that identifies a local shared AT-TLS policy file.

The TcpImage statement identifies the z/OS® UNIX file or MVS™ data set that contains policy for that stack. This policy file can contain a TTLSConfig statement to identify the z/OS UNIX file or MVS data set that contains the local AT-TLS policy. The TTLSConfig statement is required for each stack that is to receive AT-TLS policy. If both a TTLSConfig statement and a CommonTTLSConfig statement are defined, the specified CommonTTLSConfig file is processed before the TTLSConfig policy file specified for that stack.

On the policy server, use the DynamicConfigPolicyLoad statement to specify the remote AT-TLS policies. On the policy client, use the PolicyServer statement to retrieve the remote AT-TLS policies from the policy server.

Within the AT-TLS policy file, AT-TLS rules define a set of conditions that are compared against a connection when policy is mapped. Mapping occurs during connect, or at the first select for readable or writable, poll for readable or writable, send, receive, or SIOCTTLSCTL ioctl on the connection. If a rule matches, AT-TLS transparently provides TLS protocol control for the connection based on the security attributes specified in the actions referenced by that rule.
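The following is an added example, not taken from this page, showing how the three files chain together: the Policy Agent main configuration file names the stack and a shared AT-TLS file, the stack policy file names the stack-specific AT-TLS file, and that file holds a rule with its referenced actions. The stack name TCPIP, the file paths, the keyring name TLSRING and the use of port 21 are assumed values chosen for illustration.

```text
# /etc/pagent/pagent.conf  (Policy Agent main configuration file)
# One TcpImage per stack; CommonTTLSConfig is optional and is processed
# before each stack's own TTLSConfig file.
TcpImage TCPIP /etc/pagent/TCPIP.policy FLUSH PURGE
CommonTTLSConfig /etc/pagent/common.ttls.policy FLUSH PURGE

# /etc/pagent/TCPIP.policy  (policy file for stack TCPIP)
# Required for every stack that is to receive AT-TLS policy.
TTLSConfig /etc/pagent/TCPIP.ttls.policy FLUSH PURGE

# /etc/pagent/TCPIP.ttls.policy  (local AT-TLS policy for stack TCPIP)
# Conditions: inbound connections to local port 21 (assumed FTP server).
TTLSRule FTPServerRule
{
  LocalPortRange           21
  Direction                Inbound
  TTLSGroupActionRef       grpFTPServer
  TTLSEnvironmentActionRef envFTPServer
}

# Group action: turns AT-TLS on for connections that match the rule.
TTLSGroupAction grpFTPServer
{
  TTLSEnabled On
  Trace       2
}

# Environment action: server-side handshake using the assumed keyring.
TTLSEnvironmentAction envFTPServer
{
  HandshakeRole Server
  TTLSKeyringParms
  {
    Keyring TLSRING
  }
  TTLSEnvironmentAdvancedParms
  {
    TLSv1.2 On
  }
}
```

After the Policy Agent has installed the policy, `pasearch -t` displays the active AT-TLS rules and actions for the stack, which is the quickest way to confirm the rule was loaded as intended.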