I wrote Using AT-TLS and PAGENT on z/OS
<https://colinpaice.blog/2022/10/19/using-at-tls-and-pagent-on-z-os-with-adcd/>
which covers setting up AT-TLS, and gives an example or two.
Colin

On Mon, 1 May 2023 at 22:17, Keith Gooding <[email protected]> wrote:

> Bill.
>
> An AT-TLS rule consists of a number of tests and pointers to actions which
> are performed if all of the tests are true. One of the actions specifies if
> TLS is to be enabled or not. You can test on local and remote port
> numbers, local and remote IP addresses, connection direction (inbound or
> outbound), local address space name etc. You may have a rule which says
> “if the remote port is 443 (https ?) and direction is outbound then enable
> TLS”. This would enable TLS for an SMPE batch job connecting to an https
> server. To check you can either view the AT-TLS policy or, to get a better
> formatted list, use the Unix command “pasearch -t > mylist.txt” and then
> view mylist.txt. See Comms Server IP diagnosis for details of pasearch and
> how to list a subset of the policy. If this is in fact the problem you
> could add another rule which says “if the remote IP address is the IBM
> https server then do not enable TLS”.
>
> Keith
> > On 1 May 2023, at 20:29, Michael Babcock <[email protected]> wrote:
> >
> > Here's our simple DB2 Secure port definition in AT-TLS:
> >
> > TTLSRule DBRTSecureServer            # Secure DBRT
> > {
> >   LocalPortRange           4450                        # DBRT Secure Port
> >   Direction                Inbound                     # Inbound Only
> >   Priority                 1                           # Lowest priority rule
> >   TTLSGroupActionRef       grp_Production              # Uncomment once debugging
> >   TTLSEnvironmentActionRef DBRT_SecureServer_Action    # DBRT Env Action
> > }
> >
> > TTLSEnvironmentAction     DBRT_SecureServer_Action
> > {
> >   HandshakeRole           Server
> >   TTLSKeyRingParmsRef     DBRT_Keyring_Parms
> >   TTLSCipherParmsRef      DB2_CipherParms
> >   TTLSEnvironmentAdvancedParms
> >   {
> >     ClientAuthType        PassThru
> >     SSLv2                 Off
> >     SSLv3                 Off
> >     TLSv1                 Off
> >     TLSv1.1               Off
> >     TLSv1.2               On
> >   }
> > }
> >
> > TTLSKeyRingParms          DBRT_Keyring_Parms
> > {
> >  Keyring                  DBRT/DBRT.KEYRING
> > }
> >
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
>
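The rule pair Keith describes (enable TLS for outbound port 443, plus an exception for one server), as an added example that is not from the thread: a simplified Python model of rule selection over policy text in the syntax shown above. It assumes exact-match tests only and that the matching rule with the highest Priority number is used; the rule names, group names and the 192.0.2.10 address are placeholders.

```python
import re

# Constructed sample policy in the syntax used in this thread. Rule and group
# names and the 192.0.2.10 address are placeholders, not values from the thread.
POLICY = """
TTLSRule Outbound_HTTPS
{
  RemotePortRange    443
  Direction          Outbound
  Priority           10
  TTLSGroupActionRef grp_TLS_On
}
TTLSRule Outbound_HTTPS_Exception
{
  RemoteAddr         192.0.2.10   # the one server to exempt (placeholder)
  RemotePortRange    443
  Direction          Outbound
  Priority           20
  TTLSGroupActionRef grp_TLS_Off
}
TTLSGroupAction grp_TLS_On
{
  TTLSEnabled        On
}
TTLSGroupAction grp_TLS_Off
{
  TTLSEnabled        Off
}
"""

def parse(policy):
    """Return {statement type: {name: {keyword: value}}} for non-nested blocks."""
    out = {}
    for kind, name, body in re.findall(r"(\w+)[ \t]+(\w+)[^\n{]*\s*\{([^{}]*)\}", policy):
        pairs = (ln.split("#")[0].split(None, 1) for ln in body.splitlines())
        out.setdefault(kind, {})[name] = {p[0]: p[1].strip() for p in pairs if len(p) == 2}
    return out

def decide(policy, direction, remote_addr, remote_port):
    """Return (rule name, TTLSEnabled value) for the winning rule, or None."""
    p = parse(policy)
    conn = {"Direction": direction, "RemoteAddr": remote_addr, "RemotePortRange": str(remote_port)}
    # A rule matches only when every test it specifies equals the connection's value.
    hits = [(n, r) for n, r in p.get("TTLSRule", {}).items()
            if all(r[k] == v for k, v in conn.items() if k in r)]
    if not hits:
        return None   # no rule matched, so this model makes no TLS decision
    name, rule = max(hits, key=lambda h: int(h[1].get("Priority", 0)))  # assumed: highest wins
    return name, p["TTLSGroupAction"][rule["TTLSGroupActionRef"]]["TTLSEnabled"]
```

Real policies also allow port ranges and address prefixes, which this model does not evaluate, so `pasearch -t` remains the way to see what is actually installed.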
