To allow users to select the level of security that suits their needs, and to enable communication with others who may have different needs, SSL defines cipher suites, or sets of ciphers. When an SSL connection is established, the client and server exchange information about which cipher suites they have in common. They then communicate using the common cipher suite that offers the highest level of security. If they do not have a cipher suite in common, then secure communication is not possible and CICS closes the connection.
Use the ENCRYPTION system initialization parameter to specify the level of encryption that CICS® should use. The default is STRONG, which means that CICS can use all of the cipher suites to negotiate with clients. You can set a minimum as well as a maximum encryption level by editing the list of cipher suites in the CIPHERS attribute on the appropriate resource definition.
- For inbound HTTP and IIOP: use the CIPHERS attribute of the TCPIPSERVICE resource. This automatically defines the PRIVACY attribute.
- For outbound IIOP: use the CIPHERS attribute of the CORBASERVER resource. This automatically defines the OUTPRIVACY attribute.
- For outbound HTTP and web service requests: use the CIPHERS attribute of the URIMAP resource definitions.
- Specified when the list of ciphers in the CIPHERS attribute only includes ciphers with no encryption. For example, cipher suites 01 and 02.
- Specified when the list of ciphers in the CIPHERS attribute only includes cipher suites with encryption. For example, if ENCRYPTION=STRONG is specified, the full list of cipher suites is listed in the CIPHERS attribute. If you remove 01 and 02, the PRIVACY attribute changes to REQUIRED.
- Specified when the list of ciphers in the CIPHERS attribute includes 01 and 02 in combination with any other cipher suites.
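The three cases above can be checked mechanically when reviewing resource definitions. The following is an added example, not IBM's code: it assumes a CIPHERS value is a string of concatenated two-character suite codes, uses made-up resource names, and takes the value names NOTSUPPORTED and SUPPORTED from the CICS PRIVACY attribute (only REQUIRED appears in the text above).

```python
# Added example: derive the privacy level implied by a CIPHERS list and
# flag definitions that still permit the no-encryption suites 01 and 02.
NULL_ENCRYPTION = {"01", "02"}  # suites the page names as having no encryption
HEX = set("0123456789ABCDEF")

def parse_ciphers(value):
    """Split a CIPHERS string into two-character suite codes, keeping order.
    Assumption: codes are concatenated with no separators."""
    text = value.strip().upper()
    if not text or len(text) % 2:
        raise ValueError("CIPHERS must be a non-empty string of 2-character codes")
    codes = [text[i:i + 2] for i in range(0, len(text), 2)]
    for code in codes:
        if not set(code) <= HEX:
            raise ValueError("invalid cipher suite code: %r" % code)
    return codes

def privacy_for(codes):
    """Map a list of suite codes to the privacy level described on the page."""
    has_null = any(c in NULL_ENCRYPTION for c in codes)
    has_encrypted = any(c not in NULL_ENCRYPTION for c in codes)
    if has_null and not has_encrypted:
        return "NOTSUPPORTED"   # only suites with no encryption
    if has_encrypted and not has_null:
        return "REQUIRED"       # only suites with encryption
    return "SUPPORTED"          # 01/02 mixed with other suites

def audit(definitions):
    """Return (resource, privacy, null_suites) for every definition whose
    CIPHERS list allows a connection to negotiate an unencrypted suite."""
    findings = []
    for name, ciphers in definitions.items():
        codes = parse_ciphers(ciphers)
        privacy = privacy_for(codes)
        if privacy != "REQUIRED":
            findings.append((name, privacy, [c for c in codes if c in NULL_ENCRYPTION]))
    return findings

def harden(value):
    """Drop 01 and 02 from a CIPHERS string; an empty result means the
    definition had no encrypting suite and needs a new list."""
    return "".join(c for c in parse_ciphers(value) if c not in NULL_ENCRYPTION)

# Constructed sample definitions (resource names are hypothetical).
SAMPLE = {"HTTPSIN": "0A0102", "WEBOUT": "0A", "LEGACY": "0102"}

if __name__ == "__main__":
    for name, privacy, null_suites in audit(SAMPLE):
        print(name, privacy, "permits", null_suites, "->", harden(SAMPLE[name]) or "(empty)")
```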
| Cipher suite | Encryption algorithm | Key length | MAC algorithm |
|---|---|---|---|
| 0A | Triple DES | 168 bits | SHA |

The terms used in this table are: