z/OS Communications Server: SNA Programmer's LU 6.2 Guide


Determining a session's data encryption level

SC27-3669-00

The data encryption level is negotiated in the BIND and BIND response for each session. The session's data encryption level is determined by the ENCR parameter on the LUs' APPL definition statements, the ENCR parameter on the logmode table entry, and the MODIFY ENCR operator command.

For more information about coding the ENCR parameter, refer to z/OS Communications Server: SNA Resource Definition Reference. For more information about the MODIFY ENCR command, refer to z/OS Communications Server: SNA Operation. For additional information about session level cryptography, refer to z/OS Communications Server: SNA Programming.

The partner LU can negotiate the data encryption to a higher level, but it cannot negotiate it to a lower level. On completion of either an APPCCMD CONTROL=ALLOC or an APPCCMD CONTROL=RCVFMH5 macro, the RPL6CRYP field of the RPL6 indicates the data encryption level of the session allocated to the conversation.

Table 1 shows the selection process that VTAM uses to establish the session level of cryptography, based on the values coded for the primary LU, the secondary LU, and the logon mode table entry.
Note: The cryptographic requirements specified on the VTAM APPL definition statement or VTAM operator MODIFY ENCR command for an LU and the logon mode table entry are compared. The higher of the cryptographic levels is used.
Table 1. Level of cryptography for LU 6.2 cryptographic sessions

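| Primary LU, from VTAM Definition or VTAM Operator Command (See Note) | Secondary LU, from VTAM Definition or VTAM Operator Command (See Note) | Logon Mode Table Entry | Level of Cryptography Used for Session |
|---|---|---|---|
| Required | Required | Required, Selective, or None | A required session is established. |
| Required | Selective | Required, Selective, or None | A required session is established. |
| Required | None, but capable of cryptography | Required, Selective, or None | A required session is established. |
| Required | None, and not capable of cryptography | Required, Selective, or None | The request for session establishment fails. |
| Selective | Required | Required, Selective, or None | A required session is established. |
| Selective | Selective | Required | A required session is established. |
| Selective | Selective | Selective or None | A selective session is established. |
| Selective | None, but capable of cryptography | Required | A required session is established. |
| Selective | None, but capable of cryptography | Selective or None | A selective session is established. |
| Selective | None, and not capable of cryptography | Required, Selective, or None | The request for session establishment fails. |
| Conditional | Required | Required, Selective, or None | A required session is established. |
| Conditional | Selective | Required, Selective, or None | A required session is established. |
| Conditional | None, but capable of cryptography | Required, Selective, or None | A required session is established. |
| Conditional | None, and not capable of cryptography | Required or Selective | The request for session establishment fails. |
| Conditional | None, and not capable of cryptography | None | A session is established without encryption. |
| Optional or no specification | Required | Required, Selective, or None | A required session is established. |
| Optional or no specification | Selective | Required | A required session is established. |
| Optional or no specification | Selective | Selective or None | A selective session is established. |
| Optional or no specification | None, but capable of cryptography | Required | A required session is established. |
| Optional or no specification | None, but capable of cryptography | Selective | A selective session is established. |
| Optional or no specification | None, but capable of cryptography | None | A session is established without encryption. |
| Optional or no specification | None, and not capable of cryptography | Required or Selective | The request for session establishment fails. |
| Optional or no specification | None, and not capable of cryptography | None | A session is established without encryption. |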
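
The selection process in Table 1 can be modeled as a small rule, which is useful when auditing definitions for combinations that allow an unencrypted session. The following Python sketch is an added example, not IBM or VTAM code; the function names and the string labels for the settings are assumptions made for illustration, and the rule is a model that reproduces the outcomes listed in Table 1.

```python
# Added example: a model of Table 1, not VTAM code. All names are hypothetical.
from itertools import product

REQUIRED, SELECTIVE, NONE = 2, 1, 0          # ordering used for "higher level wins"
FAILS = "session establishment fails"
NAMES = {REQUIRED: "required", SELECTIVE: "selective", NONE: "no encryption"}

PRIMARY = ("required", "selective", "conditional", "optional")
SECONDARY = ("required", "selective", "none-capable", "none-incapable")
LOGMODE = ("required", "selective", "none")
_LEVEL = {"required": REQUIRED, "selective": SELECTIVE}   # anything else -> NONE


def session_crypto_level(primary, secondary, logmode):
    """Return the Table 1 outcome for one primary/secondary/logmode combination."""
    if primary not in PRIMARY or secondary not in SECONDARY or logmode not in LOGMODE:
        raise ValueError("unknown ENCR setting")
    mode = _LEVEL.get(logmode, NONE)
    if secondary == "none-incapable":
        # Partner cannot encrypt: any firm demand for encryption fails the request.
        # Conditional and optional make no firm demand of their own.
        demand = max(_LEVEL.get(primary, NONE), mode)
        return FAILS if demand > NONE else NAMES[NONE]
    # Partner can encrypt: conditional behaves like required, and the
    # highest level named by either LU or the logmode entry is used.
    wanted = REQUIRED if primary == "conditional" else _LEVEL.get(primary, NONE)
    return NAMES[max(wanted, _LEVEL.get(secondary, NONE), mode)]


def cleartext_combinations():
    """List every combination that ends in a session without encryption."""
    return [c for c in product(PRIMARY, SECONDARY, LOGMODE)
            if session_crypto_level(*c) == NAMES[NONE]]


if __name__ == "__main__":
    for combo in cleartext_combinations():
        print("unencrypted session possible:", combo)
```

Only three of the 48 combinations end without encryption, and none of them involves a primary LU coded as Required or Selective.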





Copyright IBM Corporation 1990, 2014