How to set up ARSSOCKD so that it's only accessible via TLS v1.2?
1. Get SSL up and running as per this thread:
http://www.odusergroup.org/forums/index.php?topic=1938.02. Disable the non-SSL connections:
SSL_CLNT_USE_SSL=1
3. Add the following ENVAR to ARSSOCKD:
XXARSSOC95 EXEC PGM=ARSSOCKD,REGION=0M,TIME=NOLIMIT,
XX PARM='ENVAR(GSK_PROTOCOL_TLSV1_2=ON,GSK_PROTOCOL_TLSV1=0)
XX /-S -I ARCH950 -v' 4. At this point you should be able to logon with the Windows client and load from Windows as well. You can verify that the connection is TLS v1.2 via your favorite TCP/IP utility.
5. For batch on the same LPAR verification you need to add the ENVAR to each batch job, for example to run the validate utility:
//STEP1 EXEC PGM=ARSMAINT,REGION=0M,
// PARM='ENVAR(GSK_PROTOCOL_TLSV1_2=ON,GSK_PROTOCOL_TLSV1=0)
// /-I ARCH950 -o -v'
//STEPLIB DD DISP=SHR,DSN=ARS.ARSV950.SARSLOAD
//ARSBIN DD PATH='/usr/lpp/ars/V9R5M0/bin'
//SYSPRINT DD SYSOUT=*,DCB=(RECFM=FBA,LRECL=134,BLKSIZE=134) 6. For security, the certificate is checked. In the batch job's JOB card I had to add the USER= parm as per this thread:
www.odusergroup.org/forums/index.php?topic=2296 Ed