Question & Answer
Question
Why am I receiving messages IZE0106E and DFHWB0114 when using TLS and trying to connect from CICS Explorer Version 5.2.0.5 [build id:20150908-1632] to CICS Transaction Server for z/OS (CICS TS) V5.2? I think I need help setting up AT-TLS in CICS TS V5.2. I have ENCRYPTION=ALL specified in the CICS System Initialization table (SIT) parameters. If I specify SSL=NO in TCPIPService definition, everything works fine.
When trying to connect to CICS, I receive the following message from CICS Explorer:
IZE0106E Connect Failed with error "Possible ssl connection Failure.
Configuration specified ssl=true,original exception was unrecognized
ssl message, plaintext connection?
In the CICS region, I see the following message:
DFHWB0114 mm/dd/yyyy hh:mm:ss CWXN A non-HTTP request has been
received by an HTTP service. The request has been rejected.
Host IP address: xxx.xxx.xxx.xxx. Client IP address: yyy.yyy.yyy.yyy.
TCPIPSERVICE: <name>
Answer
First of all, do not confuse Transport Layer Security (TLS) with Application Transparent Transport Layer Security (AT-TLS). TLS is follow-on to SSL with a new name. AT-TLS provides encryption and decryption of data based on policy statements that are coded in the Policy Agent. All encryption and decryption data is done outside of the CICS address space. There is no way you can setup AT-TLS using CICS Explorer.
Prior to CICS TS V5.3, CICS is AT-TLS unaware that AT-TLS is encrypting or decrypting data. The AT-TLS Basic mode is the only mode that can be used in earlier releases of CICS V5.2. A CICS TCPIPSERVICE would be defined with SSL(NO) as CICS is not encrypting or decrypting the data, which flows on the socket.
From CICS TS V5.3, CICS is AT-TLS aware, TCPIPSERVICE is defined with SSL(ATTLSAWARE) and PROTOCOL(HTTP). CICS issues an AT-TLS query to obtain information such as AT-TLS security status, negotiated CIPHER suite, partner certificate, and derived RACF user ID.
See the following tables in the section Introduction to Application Transparent Transport Layer Security (AT-TLS) of the CICS TS V5.3 documentation:
Table 1: Detailed description of AT-TLS modes and their CICS support
Table 2: Combinations for AT-TLS policy for the port and CICS TCPIPService
Product Synonym
CICS/TS CICSTS CICS TS CICS Transaction Server
Was this topic helpful?
Document Information
Modified date:
10 March 2016
UID
dwa1257143