Question & Answer
Question
I need to ensure all my TCP/IP communications are encrypted when using CICS Configuration Manager for z/OS (CICS CM). How do I get the CICS CM TSO Batch REXX sample CCVXXMLC to secure and encrypt my communication to my CICS CM V5.2 server region that runs CICS Transaction Server for z/OS (CICS TS) V5.1?
I currently use the CCVSSL port with SSL when I access the ISPF dialog or CICS Explorer CM plugin, but when I run the sample CCVXXMLJ that invokes the CCVXXMLC REXX sample provided in SCCVSAMP, line 244 of the REXX sample says "Must NOT be SSL port".
Answer
Line 244 in the sample REXX procedure CCVXXMLC says "Must NOT be SSL port" because this REXX procedure calls the CCVXXMLS REXX sample, which uses the z/OS Communications Server REXX Socket API. This API supports Application Transparent Transport Layer Security (AT-TLS), so you need to configure AT-TLS policy rules and use the non-SSL port for the CICS CM server.
Here is an example using the CICS CM TCPIPSERVICE for non-SSL port 01401 with policy rules for the CICS CM server and batch REXX client.
#
TTLSRule CICSCM_1401_Server
{
  LocalPortRange 1401
  Priority 254
  Direction Inbound
  TTLSGroupActionRef Main_TTLS_Group
  TTLSEnvironmentActionRef Secure_CICSCM_Env
}
#
TTLSRule CICSCM_1401_Client
{
  LocalPortRange 0
  RemotePortRange 1401
  Priority 255
  Direction Outbound
  TTLSGroupActionRef Main_TTLS_Group
  TTLSEnvironmentActionRef Secure_CICSCM_Client
}
#
#
TTLSGroupAction Main_TTLS_Group
{
  TTLSEnabled On
  # Log Errors to syslogd
  Trace 255
}
#
#
TTLSEnvironmentAction Secure_CICSCM_Env
{
  HandshakeRole Server
  Trace 255
  CtraceClearText On
  TTLSKeyRingParms
  {
    Keyring CICSCM/CCMrng
  }
  TTLSCipherParms
  {
    V3CipherSuites 35
    V3CipherSuites 38
    V3CipherSuites 39
    V3CipherSuites 2F
    V3CipherSuites 32
    V3CipherSuites 33
    V3CipherSuites 0A
    V3CipherSuites 16
    V3CipherSuites 13
    V3CipherSuites 15
    V3CipherSuites 12
  }
}
#
#
TTLSEnvironmentAction Secure_CICSCM_Client
{
  HandshakeRole Client
  Trace 255
  CtraceClearText On
  TTLSKeyRingParms
  {
    Keyring CICSCM/CCMrng
  }
  TTLSCipherParms
  {
    V3CipherSuites 35
    V3CipherSuites 38
    V3CipherSuites 39
    V3CipherSuites 2F
    V3CipherSuites 32
    V3CipherSuites 33
    V3CipherSuites 0A
    V3CipherSuites 16
    V3CipherSuites 13
    V3CipherSuites 15
    V3CipherSuites 12
  }
}
See Application Transparent Transport Layer Security (AT-TLS) in the z/OS Communications Server documentation for more information.
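An added example, not part of the original technote or of the IBM samples: a small Python check that reads an AT-TLS policy like the one above and reports settings worth reviewing before production use (DES and 3DES cipher codes, CtraceClearText On, Trace 255). The function name lint_policy, the WEAK table and the embedded sample policy are constructed for illustration.

```python
# V3CipherSuites codes in the policy above that select DES or 3DES (IANA suite names)
WEAK = {
    "0A": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "13": "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    "16": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "12": "TLS_DHE_DSS_WITH_DES_CBC_SHA",
    "15": "TLS_DHE_RSA_WITH_DES_CBC_SHA",
}

# Constructed sample: a trimmed copy of the client environment action above
SAMPLE = """\
TTLSEnvironmentAction Secure_CICSCM_Client
{
  HandshakeRole Client
  Trace 255
  CtraceClearText On
  TTLSCipherParms
  {
    V3CipherSuites 35
    V3CipherSuites 0A
    V3CipherSuites 12
  }
}
"""

def lint_policy(text):
    """Return (action name, finding) pairs for settings worth reviewing."""
    findings, action, depth = [], None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line in ("{", "}"):
            depth += 1 if line == "{" else -1     # track block nesting
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if depth == 0:
            action = value                        # top-level statement name
        elif key == "V3CipherSuites" and value.upper() in WEAK:
            findings.append((action, f"weak cipher {value.upper()} {WEAK[value.upper()]}"))
        elif key == "CtraceClearText" and value.lower() == "on":
            findings.append((action, "CtraceClearText On traces application data in clear text"))
        elif key == "Trace" and value == "255":
            findings.append((action, "Trace 255 enables every trace level"))
    return findings

if __name__ == "__main__":
    print(*lint_policy(SAMPLE), sep="\n")
```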
Product Synonym
CICSCM CICS CM
Document Information
Modified date:
29 September 2016
UID
dwa1282495