Enable new AT-TLS policies by using the Configuration
Assistant or manual configuration: - If using IBM® Configuration
Assistant for z/OS Communications
Server, migrate your current backing store to V2R1.
- Use new AT-TLS statements or parameters as needed in the AT-TLS
environment or connection actions.
|
See the following topics:
|
Optionally, display the policy-based networking
information. Use the pasearch command to display AT-TLS policies. |
The z/OS UNIX pasearch
command in z/OS Communications Server: IP System Administrator's
Commands |
Before you use Elliptic Curve Cryptography (ECC)
ciphers, perform the following steps:- Start ICSF.
- If the CSFSERV class is defined, give the user ID that runs the
AT-TLS application READ access to the following resources in that
class:
- CSF1TRC
- CSF1PKV
- CSF1PKS
- CSF1GKP
- CSF1GAV
- CSF1DVK
- CSF1TRD
|
Using Cryptographic Features with System SSL
in Cryptographic Services System Secure Sockets Layer programming
(SC24-5901-11) |
Before you use AES GCM ciphers, perform the
following steps: - Start ICSF.
- If the CSFSERV class is defined, give the user ID that runs the
AT-TLS application READ access to the following resources in that
class:
- CSF1TRC
- CSF1SKD
- CSF1SKE
- CSF1TRD
|
Using Cryptographic Features with System SSL
in Cryptographic Services System Secure Sockets Layer programming
(SC24-5901-11) |
If you intend to use any of the new four character
cipher suites, you might need to modify applications: - Use the TTLSi_Neg_Cipher4 field instead of the TTLSi_Neg_Cipher
field on the SIOCTTLSCTL ioctl.
- Use the Network Management Interface NWMTcpConnType to use the
NWMConnTTLSNegCiph4 field instead of the NWMConnTTLSNegCiph field.
- Process SMF Type 119 records:
- TCP Connection Termination to use the SMF119AP_TTTTLSNC4 field
instead of the SMF119AP_TTTTLSNC field
- CSSMTP Connection Identification to use the SMF119ML_CN_TLSSNC4
field instead of the SMF119ML_
- CN_TLSSNC field FTP Client Transfer Complete to use the SMF119FT_FCCipher4
field instead of the SMF119FT_FCCipher field
- FTP Server Transfer Complete to use the SMF119FT_FSCipher4 field
instead of the SMF119FT_FSCipher field
- FTP Login Failure to use the SMF119FT_FFCipher4 field instead
of the SMF119FT_FFCipher field
|
Network management interfaces and Application Transparent Transport Layer Security
(AT-TLS) in z/OS Communications Server: IP Programmer's Guide
and Reference |
Use new SNMP MIB object ibmMvsTcpConnectionTtlsNegCipher4
to retrieve the four-byte cipher in use on a TCP connection using
AT-TLS. |
TCP/IP subagent in z/OS Communications Server: IP System Administrator's
Commands |