Displays Application Transparent Transport Layer Security (AT-TLS) information. AT-TLS supports only TCP protocol connections.
.-GRoup--------------------. >>-+--------------------------+-------------------------------->< +-COnn--connid--+--------+-+ | '-DETAIL-' | '-GRoup--+--------+--------' '-DETAIL-'
Provide the report for a specific TCP/IP address space by using TCp tcpname. See The Netstat command target for more information about the TCp parameter.
The default output option displays the output on the user's terminal. For other options, see The TSO NETSTAT command syntax or Netstat command output.
.-GRoup--------------------. >>-+--------------------------+-------------------------------->< +-COnn--connid--+--------+-+ | '-DETAIL-' | '-GRoup--+--------+--------' '-DETAIL-'
Provide the report for a specific TCP/IP address space by using TCp tcpname. See The Netstat command target for more information about the TCp parameter.
The default output option displays the output on the user's terminal. For other options, see The TSO NETSTAT command syntax or Netstat command output.
NETSTAT TTLS (defaults to NETSTAT TTLS GROUP)
NETSTAT TTLS CONN 1B TCP TCPCS8
Display summary AT-TLS information for the specified connection in the TCPCS8
stack.
NETSTAT TTLS CONN 1B DETAIL TCP TCPCS8
Display detailed AT-TLS information for the specified connection in the TCPCS8
stack.
NETSTAT TTLS GROUP
Display summary information for active AT-TLS groups.
NETSTAT TTLS GROUP DETAIL
Display detailed information for active AT-TLS groups.
netstat -x (defaults to -x GROUP)
netstat -x CONN 1b -p tcpcs8
netstat -x CONN 1b DETAIL -p tcpcs8
netstat -x GROUP
netstat -x GROUP DETAIL
The following examples are generated by using TSO NETSTAT command. Using the z/OS UNIX netstat command displays the data in the same format as the TSO NETSTAT command.
MVS TCP/IP NETSTAT CS V2R1 TCPIP Name: TCPCS 19:51:22
ConnID: 000000B8
JobName: FTPD1
LocalSocket: ::ffff:127.0.0.1..21
RemoteSocket: ::ffff:127.0.0.1..1030
SecLevel: TLS Version 1.2
Cipher: C001 TLS_ECDH_ECDSA_WITH_NULL_SHA
CertUserID: N/A
MapType: Primary
FIPS140: Off
TTLSRule: ftp_serv_21
TTLSGrpAction: grp_act1
TTLSEnvAction: env_act_serv
MVS TCP/IP NETSTAT CS V2R1 TCPIP Name: TCPCS 19:51:53
ConnID: 000000B8
JobName: FTPD1
LocalSocket: ::ffff:127.0.0.1..21
RemoteSocket: ::ffff:127.0.0.1..1030
SecLevel: TLS Version 1.2
Cipher: C001 TLS_ECDH_ECDSA_WITH_NULL_SHA
CertUserID: N/A
MapType: Primary
FIPS140: Off
TTLSRule: ftp_serv_21
Priority: 1
LocalAddr: All
LocalPort: 21
LocalPort: 2021
LocalPortFrom: 620 LocalPortTo: 621
RemoteAddr: All
RemotePort: All
Direction: Inbound
TTLSGrpAction: grp_act1
GroupID: 00000006
GroupUserInstance: 6
TTLSEnabled: On
Envfile: /tmp/grp1.env
CtraceClearText: On
Trace: 255
SyslogFacility: Daemon
SecondaryMap: Off
FIPS140: Off
TTLSEnvAction: env_act_serv
EnvironmentUserInstance: 8
HandshakeRole: Server
Keyring: /u/user3/testdb
KeyringPW: Yes
V3CipherSuites: C001 TLS_ECDH_ECDSA_WITH_NULL_SHA
C002 TLS_ECDH_ECDSA_WITH_RC4_128_S
HA
C003 TLS_ECDH_ECDSA_WITH_3DES_EDE_
CBC_SHA
C004 TLS_ECDH_ECDSA_WITH_AES_128_C
BC_SHA
CtraceClearText: On
Trace: 255
SSLV2: Off
SSLV3: On
TLSV1: On
TLSV1.1: On
TLSV1.2: On
ResetCipherTimer: 0
ApplicationControlled: On
HandshakeTimeout: 10
CertificateLabel: ecdh_ecdsa_secp384r1
SecondaryMap: On
TruncatedHMAC: Off
ClientMaxSSLFragment: Off
ServerMaxSSLFragment: Off
ClientHandshakeSNI: Off
ServerHandshakeSNI: Off
ClientAuthType: Required
CertValidationMode: Any
Renegotiation: Default
RenegotiationIndicator: Optional
RenegotiationCertCheck: Off
SuiteBProfile: Off
GSK_CRL_CACHE_TIMEOUT: 0
Result: A field in a policy rule or policy action is displayed only when a value was configured for that attribute or when the attribute has a default value. Fields which were left undefined and have no default value are not displayed.
Result: For a particular connection, the ApplicationControlled value on the TTLSConnectionAction, if specified, overrides the ApplicationControlled value on the TTLSEnvironmentAction.
Result: For a particular connection, the CertificateLabel value on the TTLSConnectionAction statement, if specified, overrides the CertificateLabel value on the TTLSEnvironmentAction statement. If a CertificateLabel value is not specified on either the TTLSConnectionAction statement or the TTLSEnvironmentAction statement, the keyring default certificate is used.
Result: For a particular connection, the ClientMaxSSLFragment value on the TTLSConnectionAction statement, if specified, overrides the ClientMaxSSLFragment value on the TTLSEnvironmentAction statement.
Result: For a particular connection, the ClientMaxSSLFragmentLength value on the TTLSConnectionAction statement, if specified, overrides the ClientMaxSSLFragmentLength value on the TTLSEnvironmentAction statement.
Result: For a particular connection, the ClientHandshakeSNIList value on the TTLSConnectionAction statement, if specified, overrides the ClientHandshakeSNIList value on the TTLSEnvironmentAction statement.
Result: For a particular connection, the CtraceClearText value on the TTLSConnectionAction statement, if specified, overrides the CtraceClearText value on the TTLSEnvironmentAction statement which, in turn, (if specified) overrides the CtraceClearText value on the TTLSGroupAction statement.
For connections with HandshakeRole set to Client, the timer is initially set to 5 times this value, allowing for network delay and any delay on the server in processing the connection. When the initial response is received from the server, the timer is reset to this value so that the initial handshake can complete.
For connections with HandshakeRole set to Server or ServerWithClientAuth, when the server starts to process the new connection, the timer is set to this value and the server then waits for the initial request from the client. When the server sends the initial response, the timer is reset to this value so that the initial handshake can complete.
If the timer expires, the TCP connection is reset. A value of 0 indicates that the connection does not time out waiting for the initial handshake to complete.
Result: For a particular connection the HandshakeTimeout value on the TTLSConnectionAction, if specified, overrides the HandshakeTimeout value on the TTLSEnvironmentAction.
Result: For a particular connection, the HandshakeRole value on the TTLSConnectionAction, if specified, overrides the HandshakeRole value on the TTLSEnvironmentAction statement.
When part of the TTLSRule section, the JobName value is the job name condition that was specified in the policy rule that was mapped to the connection. If no JobName value is specified for a policy rule, all job names is the default. If specified, the connection must match this condition. A trailing asterisk indicates a wildcard specification.
Result: For a particular connection the ResetCipherTimer value on the TTLSConnectionAction statement, if specified, overrides the ResetCipherTimer value on the TTLSEnvironmentAction statement.
Result: For a particular connection, the ServerMaxSSLFragment value on the TTLSConnectionAction statement, if specified, overrides the MaximumSSLFragment value on the TTLSEnvironmentAction statement.
Result: For a particular connection, the ServerHandshakeSNI value on the TTLSConnectionAction statement, if specified, overrides the ServerHandshakeSNI value on the TTLSEnvironmentAction statement.
Result: For a particular connection, the ServerHandshakeSNIMatch value on the TTLSConnectionAction statement, if specified, overrides the ServerHandshakeSNIMatch value on the TTLSEnvironmentAction statement.
Result: For a particular connection, the ServerHandshakeSNIList value on the TTLSConnectionAction statement, if specified, overrides the ServerHandshakeSNIList value on the TTLSEnvironmentAction statement.
Result: For a particular connection the SSLV2 value on the TTLSConnectionAction statement, if specified, overrides the SSLV2 value on the TTLSEnvironmentAction statement.
Result: For a particular connection the SSLV3 value on the TTLSConnectionAction statement, if specified, overrides the SSLV3 value on the TTLSEnvironmentAction statement.
Result: For a particular connection, the TLSV1 value on the TTLSConnectionAction statement, if specified, overrides the TLSV1 value on the TTLSEnvironmentAction statement.
Result: For a particular connection the TLSV1.1 value on the TTLSConnectionAction statement, if specified, overrides the TLSV1.1 value on the TTLSEnvironmentAction statement.
Result: For a particular connection, the TruncatedHMAC value on the TTLSConnectionAction statement, if specified, overrides the TruncatedHMAC value on the TTLSEnvironmentAction statement.
Result: For a particular connection the Trace value on the TTLSConnectionAction, if specified, overrides the Trace value on the TTLSEnvironmentAction statement which in turn, if specified, overrides the Trace value on the TTLSGroupAction statement.
The level of tracing is a sum of the following numbers:
Result: For a particular connection the V2CipherSuites value on the TTLSConnectionAction statement, if specified, overrides the V2CipherSuites value on the TTLSEnvironmentAction statement.
Result: For a particular connection, the V3CipherSuites value on the TTLSConnectionAction statement, if specified, overrides the V3CipherSuites value on the TTLSEnvironmentAction statement.
Result: A field in a policy rule or policy action is displayed only when a value was configured for that attribute or when the attribute has a default value. Fields that were left undefined and have no default value are not displayed.
NETSTAT TTLS GROUP
MVS TCP/IP NETSTAT CS V2R1 TCPIP Name: TCPCS 12:55:20
TTLSGrpAction Group ID Conns
---------------------------------------- ----------------- -----
TTLSGrpAction15 (Stale) 00000004 25
TTLSGrpAction5 00000007 (Failed) 0
NETSTAT TTLS GROUP DETAIL
MVS TCP/IP NETSTAT CS V2R1 TCPIP Name: TCPCS 12:55:20
TTLSGrpAction: TTLSGrpAction15 (Stale)
GroupID: 00000004
Tasks: 10 GroupConns: 25
WorkQElements: 7 SyslogQElements: 1
Env: TTLSEnvAction9 EnvConns: 25
TTLSGrpAction: TTLSGrpAction5
GroupID: 00000007 (Failed)
Tasks: 0 GroupConns: 0
WorkQElements: 0 SyslogQElements: 0