Question & Answer
Question
Why isn't my CICS Transaction Server for z/OS (CICS TS) V5.2 region accepting Transport Layer Security (TLS) 1.1 requests when I have ENCRYPTION set to STRONG? The restful service request is coming in TLS 1.1 but the request is not making it to CICS. When I change it back to TLS 1.0, it works fine. I thought with ENCRYPTION set to STRONG that the the Minlevel the region can accept is TLS1.0 and higher.
Answer
Determine the level of TLS that needs to be supported and set the system initialization table (SIT) parameter to the required value:
At CICS TS V5.1 and V5.2 ENCRYPTION=STRONG supports TLS 1.0 only. ENCRYPTION=ALL supports TLS 1.0, 1.1, and 1.2. ENCRYPTION=TLS12FIPS or TLS12 supports TLS 1.2 only.
At CICS 5.3, this TLS level is controlled by a new MINTLSLEVEL SIT parameter. MINTLSLEVEL=TLS10 sets the minimum level of TLS to 1.0, MINTLSLEVEL=TLS11 sets the minimum level of TLS to 1.1, and MINTLSLEVEL=TLS12 sets the minimum level of TLS to 1.2
Product Synonym
CICS/TS CICSTS CICS TS CICS Transaction Server
Was this topic helpful?
Document Information
Modified date:
02 March 2016
UID
dwa1255384