Disabling support for SSL V3 in CICS TS

Question & Answer

Question

How do I disable support for Secure Sockets Layer (SSL) version 3.0 in CICS Transaction Server for z/OS (CICS TS)?

Answer

You can apply the following CICS APARs to change the default SSL (also known as Transport Layer Security, TLS) configuration to disable SSLv3. The PTFs change the meaning of the default value for the ENCRYPTION keyword in the system initialization table (SIT) parameter. The default before the PTFs are applied is ENCRYPTION=STRONG and included both SSL V3.0 and TLS 1.0 (for V3 & V4). After the PTFs are applied, ENCRYPTION=STRONG continues to be the default but the minimum level of TLS changes to 1.0. The PTFs also add the new option ENCRYPTION=SSLV3 that allows the SSLv3 protocol to be enabled if required.

APAR PI28039 - CICS TS for z/OS V5.2 and V5.1

CICS TS V5.2 PTFs:
R900 - UI23070
R90D - UI23071
R903 - UI23072

CICS TS V5.1 PTFs:
R800 - UI23067
R80L - UI23068
R803 - UI23069

APAR PI27936 - CICS TS for z/OS V4.2 and V4.1

CICS TS V4.2 PTFs:
R700 - UI23065
R703 - UI23066

CICS TS V4.1 PTFs:
R600 - UI23063
R603 - UI23064

APAR PI28038 - CICS TS for z/OS V3.2 and V3.1

CICS TS V3.2 PTFs:
R500 - UI23061
R503 - UI23062

CICS TS V3.1 PTFs:
R400 - UI23059
R403 - UI23060

See APAR PI28039 update in the CICS documentation for additional information.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"SSL","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

CICS/TS CICSTS CICS TS CICS Transaction Server

Was this topic helpful?

Document Information

Modified date:
05 June 2017

UID

dwa1195589

Tips