Knowledge Article View - Customer Support

The default configuration of a SAS/CONNECT Server in SAS^® 9.4M8 and SAS^® 9.4M9 to implement SSL/TLS requires you to set SSL* options for both the CONNECT Spawner and the CONNECT Server.

After installing the associated hot fix for SAS 9.4M8 and SAS 9.4M9, you no longer need to set the NETENCRYPTALGORITHM= and SSL parms/options for the CONNECT Server. Instead, the CONNECT Server will inherit the values for the SSL options from the CONNECT Spawner along with the following SAS parm / option NETENCRYPTALGORITHM=.

/* SSL parms for a UNIX SAS/CONNECT Spawner and Server */
sslpvtkeyloc
sslcertloc
sslpkcs12loc
sslcertloc
sslcalistloc
sslpkcs12pass
sslpvtkeypass
sslclientauth

/* SSL parms for a Microsoft Windows SAS/CONNECT Spawner and Server */

sslcertiss
sslcertserial
sslcertsubj
sslcrlcheck
sslclientauth

/* SSL parms for a z/OS SAS/CONNECT Spawner and Server */
sslkeyringfile
sslkeyringlabel
sslkeyringstashfile

For details about NETENCRYPTALGORITHM, see SAS KB0041538, "Deprecation of the NETENCRYPTALGORITHM (NETENCRALG) system option values AES, DES, RC2, RC4, and TripleDES."

Changes to the required SAS/CONNECT® Server options due to inheriting ENCRYPTION parms/options from the SAS/CONNECT® Spawner