z/OS Security Server RACF System Programmer's Guide


Encryption of data

SA23-2287-00

APPC/MVS encrypts RRSF data during transmission using DES with an effective key length of 56 bits.

TCP/IP uses AT-TLS to encrypt RRSF data. AT-TLS provides a number of cipher suites, most of which are stronger than the DES used by APPC/MVS. When you set up the AT-TLS policy, you can specify a number of cipher suites within a rule in order of preference, and AT-TLS selects the first one requested by both of the communicating nodes. For information about the cipher suites that AT-TLS supports, see the description of the TTLSCipherParms statement in z/OS Communications Server: IP Configuration Reference. After successfully connecting, RACF® issues a message indicating the cipher in effect. RACF does not enforce a minimum encryption level, and allows a connection with no encryption. (You might want to specify no encryption for AT-TLS if you have specified encryption at the link layer, or if your nodes are connected across LPARs on the same physical system and you are willing to trade off the low level of risk for improved performance.) The sample AT-TLS rules for RRSF specify 256-bit AES encryption.
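Because RACF accepts whatever cipher AT-TLS ends up selecting, every suite that both nodes list is a possible outcome, not just the first entry. The following check is an added example (not IBM sample code): it reads the `V3CipherSuites` entries from two constructed `TTLSCipherParms` blocks and reports what would be selected, assuming the selection walks one node's list in order and takes the first suite the peer also lists; block names, policy text and function names are hypothetical.

```python
import re

# Constructed AT-TLS policy fragments for two RRSF nodes; block names are hypothetical.
NODE_A = """
TTLSCipherParms  RRSFCiphersA
{
  V3CipherSuites  TLS_RSA_WITH_AES_256_CBC_SHA
  V3CipherSuites  TLS_RSA_WITH_DES_CBC_SHA
  V3CipherSuites  TLS_RSA_WITH_NULL_SHA
}
"""
NODE_B = """
TTLSCipherParms  RRSFCiphersB
{
  # V3CipherSuites  TLS_RSA_WITH_AES_256_CBC_SHA   (commented out, so not offered)
  V3CipherSuites  TLS_RSA_WITH_NULL_SHA
  V3CipherSuites  TLS_RSA_WITH_DES_CBC_SHA
}
"""

BLOCK = re.compile(r"TTLSCipherParms\s+(\S+)\s*\{(.*?)\}", re.S)
SUITE = re.compile(r"^[ \t]*V3CipherSuites[ \t]+(\S+)", re.M)

def cipher_prefs(policy):
    """Map each TTLSCipherParms block name to its suites, in preference order."""
    return {name: SUITE.findall(body) for name, body in BLOCK.findall(policy)}

def grade(suite):
    """Coarse grade of the bulk cipher: 'none', 'weak' (single DES, RC4, RC2) or 'ok'."""
    m = re.search(r"_WITH_(.+)_[A-Z0-9]+$", suite)
    enc = m.group(1) if m else ""
    if enc.startswith("NULL"):
        return "none"
    if enc.startswith(("DES_", "DES40", "RC4", "RC2")):
        return "weak"
    return "ok"

def first_common(ordered, peer):
    """First suite in `ordered` that the peer also lists (assumed selection rule)."""
    return next((s for s in ordered if s in peer), None)

def audit(ordered, peer):
    """Return (selected suite, its grade, every shared suite graded below 'ok')."""
    chosen = first_common(ordered, peer)
    risky = [s for s in ordered if s in peer and grade(s) != "ok"]
    return chosen, grade(chosen) if chosen else None, risky

if __name__ == "__main__":
    a = cipher_prefs(NODE_A)["RRSFCiphersA"]
    b = cipher_prefs(NODE_B)["RRSFCiphersB"]
    print(audit(a, b))  # node A's order decides
    print(audit(b, a))  # node B's order decides
```

In the constructed policies node A lists 256-bit AES first, yet the connection falls to DES or to no encryption depending on whose order is used, which is why the shared suites graded below `ok` are worth removing from both lists.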





Copyright IBM Corporation 1990, 2014