Use the ciphersuites parameter
to restrict the set of cipher suites that can be used with the SSL
protocol.
ciphersuites=<name>- Description
- Specify the cipher suites that Java™ Client
applications can use to connect to the CICS® Transaction Gateway. You
can define multiple cipher suites by separating them with a comma.
If the Java Client application
does not support any of the cipher suites listed, it cannot connect
to the CICS Transaction Gateway.
If no cipher suite is specified or the parameter is omitted, all available
cipher suites can be used. Because CICS Transaction Gateway uses
cipher suites provided by the Java runtime
environment for the SSL protocol, the cipher suites available are
dependant on the Java version.
To determine which cipher suites are available for your version of Java, complete the following steps:
- Delete the ciphersuites parameter from your
configuration file
- Save the configuration file.
- Start CICS Transaction Gateway
If the SSL protocol is correctly configured and CICS Transaction
Gateway starts, a list of valid cipher suites is written to the Gateway
daemon information log. For more information, see the documentation
supplied with your Java runtime
environment Cipher suite information can be found in the Gateway
daemon information log and Java Client application trace.
This
parameter is in the SSL protocol parameters subsection
of the GATEWAY section
of the configuration file.
- Default value
- If this parameter is not specified, the default is that all available
cipher suites are available.