TTLSConfig statement

Use the TTLSConfig statement to specify the path of a local AT-TLS policy file that contains stack-specific AT-TLS policy statements. The TTLSConfig statement is required to define AT-TLS policy for a given stack. To define a common set of policies for multiple stacks, the TTLSConfig statement can be specified without a path name.

Requirement: The TTLSConfig statement is required to define AT-TLS policy for a given stack.

Results: For the associated TCP/IP image on the policy client, if the PolicyServer statement specifies remote AT-TLS policies, then one the following situations occurs:
  • If no local AT-TLS policies are installed, then the TTLSConfig statement is ignored.
  • If local AT-TLS policies are already installed, then the result is the same as if the TTLSConfig statement had been deleted.

Rule: For AT-TLS policies, if errors are detected during parsing, no new policies are installed.

The FLUSH/NOFLUSH and PURGE/NOPURGE parameters can be used to specify whether or not AT-TLS policies are deleted at startup (and when a MODIFY REFRESH command is entered) and shutdown, respectively.

The refresh interval for the TTLSConfig file is inherited from the image configuration file containing the corresponding TTLSConfig statement.

Specify the TTLSConfig statement without a path name in each image configuration file to define a common set of policies for multiple stacks.

The TTLSConfig statement can appear only in an image configuration file. If a TTLSConfig statement appears multiple times in an image configuration file, the last occurrence of the statement is used. If the TTLSConfig statement appears in the main configuration file, it is ignored (unless the main and image configuration files are the same file).

Syntax

Read syntax diagramSkip visual syntax diagramTTLSConfigpath FLUSHNOFLUSHPURGENOPURGE

Parameters

path
The path of the stack-specific AT-TLS policy file to be installed. If no path name is specified, then the common AT-TLS policy file specified on the CommonTTLSConfig statement is used.
You can specify an MVS™ data set name or a z/OS® UNIX file name. MVS data set names must be enclosed in single quotation marks (' ') and preceded by a double slash (//). Following are examples of both types of names: 
TTLSConfig  //'USER1.PAGENT.CONF(TTLS)'
TTLSConfig  /u/user1/pagent.ttls

Restriction: Dynamic monitoring for file updates using the -i startup option is supported only for z/OS UNIX files; MVS data sets are not monitored for change.

FLUSH
FLUSH specifies that all policies installed in the Policy Agent and the TCP/IP stack are deleted. Policies are flushed at the following times:
  • When a new TcpImage statement is processed for the first time, including Policy Agent starting
  • When a MODIFY REFRESH command is entered
NOFLUSH
NOFLUSH specifies that all policies installed in the Policy Agent and the TCP/IP stack are to remain during initial startup and at each refresh interval. In addition, policies that are deleted from a configuration are not deleted from the Policy Agent or the TCP/IP stack.
PURGE
Specifies that all policies installed in the TCP/IP stack are deleted during normal termination, and also when a TcpImage or PEPInstance statement is deleted.
NOPURGE
Specifies that all policies installed in the TCP/IP stack remain during normal termination and when a TcpImage or PEPInstance statement is deleted.

For details, see the FLUSH and PURGE information in z/OS Communications Server: IP Configuration Guide.

Result: If the TTLSConfig statement is deleted and FLUSH configured, then all AT-TLS policies are deleted from the corresponding stack.