CICS TS 5.2 not accepting TLS 1.1 when ENCRYPTION=STRONG

Question & Answer

Question

Why isn't my CICS Transaction Server for z/OS (CICS TS) V5.2 region accepting Transport Layer Security (TLS) 1.1 requests when I have ENCRYPTION set to STRONG? The restful service request is coming in TLS 1.1 but the request is not making it to CICS. When I change it back to TLS 1.0, it works fine. I thought with ENCRYPTION set to STRONG that the the Minlevel the region can accept is TLS1.0 and higher.

Answer

Determine the level of TLS that needs to be supported and set the system initialization table (SIT) parameter to the required value:

At CICS TS V5.1 and V5.2 ENCRYPTION=STRONG supports TLS 1.0 only. ENCRYPTION=ALL supports TLS 1.0, 1.1, and 1.2. ENCRYPTION=TLS12FIPS or TLS12 supports TLS 1.2 only.
At CICS 5.3, this TLS level is controlled by a new MINTLSLEVEL SIT parameter. MINTLSLEVEL=TLS10 sets the minimum level of TLS to 1.0, MINTLSLEVEL=TLS11 sets the minimum level of TLS to 1.1, and MINTLSLEVEL=TLS12 sets the minimum level of TLS to 1.2

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"Security","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

CICS/TS CICSTS CICS TS CICS Transaction Server

Was this topic helpful?

Document Information

Modified date:
02 March 2016

UID

dwa1255384

Tips