Use the ciphersuites parameter
to restrict the set of cipher suites that can be used with the SSL
protocol.
ciphersuites=<name>- Description
- Specify the cipher suites that Java™ Client
applications can use to connect to the CICS® Transaction Gateway. You
can define multiple cipher suites by separating them with a comma.
If the Java Client application
does not support any of the cipher suites listed, it cannot connect
to the CICS Transaction Gateway.
If no cipher suite is specified or the parameter is omitted, all available
cipher suites can be used. Because CICS Transaction Gateway uses
cipher suites provided by the Java runtime
environment for the SSL protocol, the cipher suites available are
dependant on the Java version.
To determine which cipher suites are available for your version of Java, complete the following steps:
- Delete the ciphersuites parameter from your
configuration file
- Save the configuration file.
- Start CICS Transaction Gateway
If the SSL protocol is correctly configured and CICS Transaction
Gateway starts, a list of valid cipher suites is written to the Gateway
daemon information log. For more information, see the documentation
supplied with your Java runtime
environment Cipher suite information can be found in the Gateway
daemon information log and Java Client application trace.
This parameter is in the SSL protocol parameters subsection of the GATEWAY section of the configuration file.
- Default value
- If this parameter is not specified, the default is that all available
cipher suites are available.
- Configuration Tool
- In the Configuration Tool, you can set the value of ciphersuites in
the Use only these ciphers field in the SSL
settings page. Enter the cipher suite name in the field,
and then click Add to add it to the list. To
remove a cipher suite, select the suite in the list and click Remove.