SSLKeyResetCount (integer) on IBM i
Determines the total number of non-encrypted bytes that are sent and received within a TLS conversation, before the secret key is renegotiated. The number of bytes includes control information sent by the message channel agent (MCA).
This value is only used by TLS channel MCAs which initiate communication from this queue manager (that is, the sender channel MCA in a sender and receiver channel pairing).
If the value of this attribute is greater than 0, and channel heartbeats are enabled for a channel, the secret key is also renegotiated before data is sent or received following a channel heartbeat. The count of bytes until the next secret key renegotiation is reset after each successful renegotiation occurs.
The value can be in the range 0 through 999 999 999. A value of 0 for this attribute indicates that the secret key is never renegotiated. If you specify a TLS secret key reset count in the range 1 byte through 32 KB, TLS channels will use a secret key reset count of 32 KB. This is to avoid the processing cost of excessive key resets which would occur for small TLS secret key reset values.
When the SSL server is an IBM MQ queue manager, and both secret key reset and channel heartbeats are enabled, renegotiation occurs immediately after each channel heartbeat.
To determine the value of this attribute, use the IASSRC selector with the MQINQ call.
Parent topic: Attributes for the queue manager on IBM i