NETENCRYPTKEYLEN= System Option

Specifies the key length that is used by the encryption algorithm for encrypted client/server data transfers.

Client: Optional
Server: Optional
Valid in: Configuration file, OPTIONS statement, SAS System Options window, SAS invocation, SAS/CONNECT spawner command line
Category: Communications: Networking and Encryption
PROC OPTIONS GROUP= Communications
Alias: NETENCRKEY=
Default: 0
Operating environment: UNIX, Windows, z/OS
Tip: When additional encryption options are specified on the spawner command line, the options must be included in the -SASCMD value. The spawner does not automatically pass the encryption values. For detailed information, see SASCMD for your operating environment in SAS/CONNECT User’s Guide.

Syntax

NETENCRYPTKEYLEN= 0 | 40 | 128

Syntax Description

0

specifies that the maximum key length that is supported at both the client and the server is used.

40

specifies a key length of 40 bits for the RC2 and RC4 algorithms.

128

specifies a key length of 128 bits for the RC2 and RC4 algorithms. If either the client or the server does not support 128-bit encryption, the client cannot connect to the server.

Details

The NETENCRYPTKEYLEN= option supports only the RC2 and RC4 algorithms. The SAS Proprietary, DES, TripleDES, SSL, and AES algorithms are not supported.
By default, if you try to connect a computer that is capable of only a 40-bit key length to a computer that is capable of both a 40-bit and a 128-bit key length, the connection is made using the lesser key length. If both computers are capable of 128-bit key lengths, a 128-bit key length is used.
Using longer keys consumes more CPU cycles. If you do not need a high level of encryption, set NETENCRYPTKEYLEN=40 to decrease CPU usage.