Chapter 3. Configuring RRSF for TCP/IP 45
The lines highlighted in bold illustrate the following aspects of the policy:
TLS security is enabled for traffic between all IP addresses to and from port 18136
The digital certificates are stored in the key ring named IRR.RRSF.KEYRING
Cipher suites TLS_RSA_WITH_AES_256_CBC_SHA are used for data transfer
However, you can define your own security level and select different cipher suites and
different client authentication methods such as SAF Check. For more information, see 3.4.5,
“Using an external CA to sign a server certificate for each RRSF node” on page 66.
Activating and verifying the AT-TLS policy
After loading the policy, refresh the PAGENT task. The output is shown in Example 3-8.
Example 3-8 Refreshing PAGENT with AT-TLS policy
EZZ8443I PAGENT MODIFY COMMAND ACCEPTED
EZZ8771I PAGENT CONFIG POLICY PROCESSING COMPLETE FOR TCP/IP : TTLS
Consideration: If you already have an AT-TLS policy for other applications, open this
policy under z/OSMF. Update it to add the RRSF_Client and RRSF_Server rules. For more
information, see “Configuring the RRSF Client” on page 39 and “Configuring RRSF
Server” on page 41.