To establish TLS between the Communication Resource Manager (CRM) and the Gateway (GWSNAX) over a distributed network, you require to enable TLS on both GWSNAX and CRM side in Oracle Tuxedo Mainframe Adapter for SNA.

The encryptions process occurs in the following way:

1. When the Gateway establishes a connection to the CRM, the entities exchange messages to determine if TLS encryption is enabled.
2. If both entities have TLS encryption capability, a negotiation is performed to determine the cipher to be used.

Each process has a range of acceptable cipher suites, as specified on the process start-up command line. The strongest supported cipher suite is used.

• Configuring the Oracle Tuxedo Mainframe Adapter for SNA Gateway and CRM
  
• Security Enforcement
  
• Samples of TLS Encryption Configuration File for CRM