Question & Answer
Question
How do I disable support for Secure Sockets Layer (SSL) version 3.0 in CICS Transaction Server for z/OS (CICS TS)?
Answer
You can apply the following CICS APARs to change the default SSL (also known as Transport Layer Security, TLS) configuration to disable SSLv3. The PTFs change the meaning of the default value for the ENCRYPTION keyword in the system initialization table (SIT) parameter. The default before the PTFs are applied is ENCRYPTION=STRONG and included both SSL V3.0 and TLS 1.0 (for V3 & V4). After the PTFs are applied, ENCRYPTION=STRONG continues to be the default but the minimum level of TLS changes to 1.0. The PTFs also add the new option ENCRYPTION=SSLV3 that allows the SSLv3 protocol to be enabled if required.
APAR PI28039 - CICS TS for z/OS V5.2 and V5.1
CICS TS V5.2 PTFs:
R900 - UI23070
R90D - UI23071
R903 - UI23072
CICS TS V5.1 PTFs:
R800 - UI23067
R80L - UI23068
R803 - UI23069
APAR PI27936 - CICS TS for z/OS V4.2 and V4.1
CICS TS V4.2 PTFs:
R700 - UI23065
R703 - UI23066
CICS TS V4.1 PTFs:
R600 - UI23063
R603 - UI23064
APAR PI28038 - CICS TS for z/OS V3.2 and V3.1
CICS TS V3.2 PTFs:
R500 - UI23061
R503 - UI23062
CICS TS V3.1 PTFs:
R400 - UI23059
R403 - UI23060
See APAR PI28039 update in the CICS documentation for additional information.
Product Synonym
CICS/TS CICSTS CICS TS CICS Transaction Server
Was this topic helpful?
Document Information
Modified date:
05 June 2017
UID
dwa1195589