NETENCRYPTKEYLEN= System Option

Specifies the key length that is used by the encryption algorithm for encrypted client/server data transfers.

Client:	optional
Server:	optional
Valid in:	Configuration file, OPTIONS statement, SAS System Options window, SAS invocation, SAS/CONNECT spawner command line
Category:	Communications: Networking and Encryption
PROC OPTIONS GROUP=	Communications
Alias:	NETENCRKEY=
Default:	0
Operating environment:	UNIX, Windows, z/OS
Tip:	When additional encryption options are specified on the spawner command line, the options must be included in the -SASCMD value. The spawner does not automatically pass the encryption values. For detailed information about -SASCMD, see Starting the UNIX Spawner in Communications Access Methods for SAS/CONNECT and SAS/SHARE, Starting the Windows Spawner in Communications Access Methods for SAS/CONNECT and SAS/SHARE, and Options to Start the z/OS Spawner in Communications Access Methods for SAS/CONNECT and SAS/SHARE.

Syntax

Details

Syntax

NETENCRYPTKEYLEN= 0 | 40 | 128

Syntax Description

0: specifies that the maximum key length that is supported at both the client and the server is used.

40: specifies a key length of 40 bits for the RC2 and RC4 algorithms.

128: specifies a key length of 128 bits for the RC2 and RC4 algorithms. If either the client or the server does not support 128-bit encryption, the client cannot connect to the server.

Details

The NETENCRYPTKEYLEN= option supports only the RC2 and RC4 algorithms. The SASProprietary, DES, TripleDES, SSL, and AES algorithms are not supported.

By default, if you try to connect a computer that is capable of only a 40-bit key length to a computer that is capable of both a 40-bit and a 128-bit key length, the connection is made using the lesser key length. If both computers are capable of 128-bit key lengths, a 128-bit key length is used.

Using longer keys consumes more CPU cycles. If you do not need a high level of encryption, set NETENCRYPTKEYLEN=40 to decrease CPU usage.