Use only these ciphers

Use the ciphersuites parameter to restrict the set of cipher suites that can be used with the SSL protocol.

ciphersuites=<name>
Description
Specify the cipher suites that Java™ Client applications can use to connect to the CICS® Transaction Gateway. You can define multiple cipher suites by separating them with a comma. If the Java Client application does not support any of the cipher suites listed, it cannot connect to the CICS Transaction Gateway. If no cipher suite is specified or the parameter is omitted, all available cipher suites can be used. Because CICS Transaction Gateway uses cipher suites provided by the Java runtime environment for the SSL protocol, the cipher suites available are dependant on the Java version. To determine which cipher suites are available for your version of Java, complete the following steps:
  1. Delete the ciphersuites parameter from your configuration file
  2. Save the configuration file.
  3. Start CICS Transaction Gateway
If the SSL protocol is correctly configured and CICS Transaction Gateway starts, a list of valid cipher suites is written to the Gateway daemon information log. For more information, see the documentation supplied with your Java runtime environment

Cipher suite information can be found in the Gateway daemon information log and Java Client application trace.

This parameter is in the SSL protocol parameters subsection of the GATEWAY section of the configuration file.

Default value
If this parameter is not specified, the default is that all available cipher suites are available.

Reference Reference

Feedback


Timestamp icon Last updated: Tuesday, 19 November 2013


https://ut-ilnx-r4.hursley.ibm.com/tgzos_latest/help/topic/com.ibm.cics.tg.zos.doc//ctgzos/ccl11rss01.html