ENCRYPTION statement

Use the ENCRYPTION parameter statement to select the subset of the supported encryption algorithms that can be used for this port. Each z/OS® system level supports a specific set of encryption algorithms.

The ENCRYPTION statement can be coded in the TELNETGLOBALS, TELNETPARMS, or PARMSGROUP statement blocks. See Rules for Telnet parameter statements and security parameters for more information about the hierarchy of parameter values.

Restriction: The ENCRYPTION/ENDENCRYPTION block applies only to a Telnet SECUREPORT that serves SSLv3/TLSv1 and later clients.

Syntax

>>-+------------------------------------------------+----------><
   |             .-----------------.                |   
   |             V                 |                |   
   '-ENCRYPTion----+-cipher_spec-+-+--ENDENCRYPTion-'   
                   '-DEFAULT-----'                      

Parameters

cipher_spec
The cipher specification (cipher_spec) to use for this port. The order in which the cipher specifications are specified is significant. The server controls which of the available cipher specifications are used for data encryption by specifying the desired cipher specifications in order of preference. The actual cipher_spec used is the best match between what the server requests and what the client supports. If the client does not support any of the cipher specifications the server requests, the secure handshake fails and the connection is closed.
DEFAULT
Indicates that the cipher specifications, in the order listed below, are used for SSLv3 and TLSv1 negotiated connections.
Following are the cipher specifications that can be specified:
  cipher_spec        Telnet Display Abbreviation   Cipher number
  ---------------    ---------------------------   -------------
  SSL_RC4_SHA        4S                            05
  SSL_RC4_MD5        4M                            04
  SSL_AES_256_SHA    A2                            35
  SSL_AES_128_SHA    A1                            2F
  SSL_3DES_SHA       3S                            0A
  SSL_DES_SHA        DS                            09
  SSL_RC4_MD5_EX     4E                            03
  SSL_RC2_MD5_EX     2E                            06
  SSL_NULL_SHA       NS                            02
  SSL_NULL_MD5       NM                            01
  SSL_NULL_Null      NN                            00
All SSLv2 cipher specifications supported by System SSL are used for SSLv2 negotiated connections. The DEFAULT keyword provides a way to override specific choices made in TELNETGLOBALS or TELNETPARMS statements. If the DEFAULT keyword is specified along with a cipher_spec value, only DEFAULT is recognized.
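
The following Python script is an added example, not part of the IBM documentation. It audits the ENCRYPTION blocks of a profile using the table and the DEFAULT rule described above. The weakness classification, the `;` comment handling, the reading of the diagram's capitals as the minimum abbreviation, and the sample profile are assumptions of this example.

```python
import re
# cipher_specs in the DEFAULT order given by the table on this page.
DEFAULT_ORDER = """SSL_RC4_SHA SSL_RC4_MD5 SSL_AES_256_SHA SSL_AES_128_SHA SSL_3DES_SHA
SSL_DES_SHA SSL_RC4_MD5_EX SSL_RC2_MD5_EX SSL_NULL_SHA SSL_NULL_MD5 SSL_NULL_NULL""".split()
# Auditor's classification (an assumption of this example, not IBM's).
WEAK = [("_NULL_", "no encryption"), ("_EX", "export-grade key"),
        ("_RC4_", "RC4"), ("SSL_DES_", "56-bit DES")]

def weakness(spec):
    return next((why for mark, why in WEAK if mark in spec), None)

def effective_ciphers(profile_text):
    """Return the effective, ordered cipher list of each ENCRYPTION block."""
    text = re.sub(r";.*", "", profile_text)  # assumption: ';' starts a comment
    blocks, current = [], None
    for tok in text.upper().split():
        if current is None:
            # Assumption: capitals in the diagram (ENCRYPTion) mark the minimum abbreviation.
            if tok.startswith("ENCRYPT") and "ENCRYPTION".startswith(tok):
                current = []
        elif tok.startswith("ENDENCRYPT") and "ENDENCRYPTION".startswith(tok):
            # Page rule: DEFAULT next to cipher_specs means only DEFAULT counts.
            blocks.append(list(DEFAULT_ORDER) if "DEFAULT" in current else current)
            current = None
        else:
            current.append(tok)
    return blocks

def audit(profile_text):
    """Return (block number, preference rank, cipher_spec, reason) findings."""
    findings = []
    for n, ciphers in enumerate(effective_ciphers(profile_text), 1):
        for rank, spec in enumerate(ciphers, 1):
            reason = weakness(spec) if spec in DEFAULT_ORDER else "not a listed cipher_spec"
            if reason:
                findings.append((n, rank, spec, reason))
    return findings

# Constructed sample profile fragment, not taken from a real system.
SAMPLE = """
TELNETPARMS
  ENCRYPTION SSL_AES_256_SHA SSL_AES_128_SHA SSL_RC4_SHA ENDENCRYPTION
ENDTELNETPARMS
PARMSGROUP PG1
  ENCRYPT SSL_AES_256_SHA DEFAULT ENDENCRYPT  ; DEFAULT replaces the list
ENDPARMSGROUP
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the sample, the second block yields eight findings because DEFAULT reinstates the full list, including the NULL and export-grade entries, even though only an AES cipher_spec was coded beside it.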