cancel
Showing results for 
Search instead for 
Did you mean: 

How to Enable / Disable Encryption (for HP NonStop, AIX and HP-UX only)

Highlighted
Moderator

How to Enable / Disable Encryption (for HP NonStop, AIX and HP-UX only)

How to Enable / Disable  Encryption (for HP NonStop, AIX and HP-UX only)

 

1 REPLY 1
Moderator

Re: How to Enable / Disable Encryption (for HP NonStop, AIX and HP-UX only)

How to Enable / Disable  Encryption (for HP NonStop, AIX and HP-UX only)

By default, all communications between Prognosis servers is encrypted. If required, encryption can be disabled by modifying the NETWORK configuration.

Note:
After Prognosis 11.0 and prior to 11.1 Patch 3 the following tokens FORCE-LEGACY-CONNECTIONS and ALLOW-LEGACY-CONNECTIONS were considered valid syntax but did not have any effect on Prognosis communications. As of Prognosis 11.1 Patch 3, these tokens affect Prognosis communications as described in the following section.

FORCE-LEGACY-CONNECTIONS

Use the FORCE-LEGACY-CONNECTIONS token to force all communication to and from the current Prognosis server to be unencrypted. Prognosis will accept only unencrypted communications, rejecting encrypted connections.

SUBSYS NETWORK
...
FORCE-LEGACY-CONNECTIONS ()

When FORCE-LEGACY-CONNECTIONS is configured, an entry will be entered in the Prognosis audit log: “This node is configured to use unencrypted connections.”

ALLOW-LEGACY-CONNECTIONS

The ALLOW-LEGACY-CONNECTIONS() token configures whether unencrypted connections can be made to a Prognosis server. If required, this statement can be modified using the following syntax:

SUBSYS NETWORK
...
ALLOW-LEGACY-CONNECTIONS ({<server-name>|*})

The statement will accept either a Prognosis server name (IP address is not accepted) or an asterisk (*):
Description Example Syntax
Single Server ALLOW-LEGACY-CONNECTIONS (Svr101)

Multiple Servers: Comma Separated ALLOW-LEGACY-CONNECTIONS (Svr101, Svr102, Svr103, ...)

Multiple Servers: Multi-line ALLOW-LEGACY-CONNECTIONS (Svr101)
ALLOW-LEGACY-CONNECTIONS (Svr102)
ALLOW-LEGACY-CONNECTIONS (Svr103)

A node configured with FORCE-LEGACY-CONNECTIONS will only be able to communicate with a remote Prognosis server if the remote server is configured with either of the following:
a) FORCE-LEGACY-CONNECTIONS() or
b) ALLOW-LEGACY-CONNECTIONS(*)
When an unencrypted connection is established between two Prognosis servers, an entry will be added to the Prognosis audit log for both servers: “Establishing an unencrypted connection to Prognosis node \NODE1.”
Note:
After making configuration changes to the encryption of Prognosis communications, it is recommended to restart Prognosis. This ensures that all communications are established using the desired level of encryption

Blog: What Optimal Transaction Performance Means

A number of our customers use Prognosis to monitor the health of their payment systems. As part of this, they monitor the transactions flowing through the system ...

Read blog
Top Liked Members