A new attribute,
CIPHERS, has been added to the TCPIPSERVICE and CORBASERVER resource definitions.
It can also be specified in the new URIMAP resource definition. See
URIMAP resource definitions for
more information. The CIPHERS list of cipher suite codes is only used when
the sockets connection that is established for the resource uses the SSL or
TLS security protocols. For a TCPIPSERVICE definition, the CIPHERS list is
used for inbound socket connections. For a CORBASERVER definition, the CIPHERS
list is used for outbound socket connections.
- CIPHERS=value
- The value specifies a string of up to 56 hexadecimal digits that is interpreted
as a list of up to 28 2-digit cipher suite codes. The list of acceptable codes
is dependent on the ENCRYPTION system initialization parameter.
- For ENCRYPTION=WEAK, the default value is 03060102
- For ENCRYPTION=MEDIUM, the default value is 0903060102
- For ENCRYPTION=STRONG, the default value is 0504352F0A0903060201
You can reorder the cipher codes or remove them from the default list.
However, you cannot add cipher codes that are not in the default list for
the specified encryption level. The ENCRYPTION system initialization parameter
determines the cipher suite codes that are allowed for each encryption level.
The
PRIVACY attribute of the TCPIPSERVICE resource definition reflects the CIPHERS
attribute value. Since the default value of the CIPHERS attribute is the complete
list of cipher suites, removing some of the cipher codes can change the PRIVACY
attribute.
- If you remove cipher suites 01 and 02 to specify that CICS® should only
negotiate with clients that have encryption, the PRIVACY attribute value changes
to REQUIRED.
- If you remove all of the cipher suites except cipher suites 01 and 02
to specify that CICS should
only negotiate with clients that have no encryption, the PRIVACY attribute
changes to NOTSUPPORTED.
- If you have any other combination of cipher suites specified, including
the default, the PRIVACY attribute value is SUPPORTED.
Similar constraints apply to the OUTPRIVACY attribute of the CORBASERVER
resource definition.
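The rules above can be checked before a definition is installed. The following Python sketch is an added example, not IBM or CICS code: it validates a CIPHERS string against the default list for an ENCRYPTION level and derives the resulting PRIVACY value. The function names are hypothetical, and treating an empty list, or a list holding only one of 01 and 02, as described in the comments is an assumption.

```python
import re

# Default CIPHERS values per ENCRYPTION level, as listed in the text above.
DEFAULTS = {
    "WEAK": "03060102",
    "MEDIUM": "0903060102",
    "STRONG": "0504352F0A0903060201",
}
NO_ENCRYPTION = {"01", "02"}  # suites the text associates with no encryption


def split_codes(value):
    """Split a CIPHERS string into 2-digit codes (at most 56 hex digits)."""
    value = value.upper()
    # Assumption: an empty list is rejected; the text does not cover it.
    if not re.fullmatch(r"(?:[0-9A-F]{2}){1,28}", value):
        raise ValueError("CIPHERS must be 1 to 28 two-digit hexadecimal codes")
    return [value[i:i + 2] for i in range(0, len(value), 2)]


def check_ciphers(value, encryption):
    """Return the code list, or raise if a code is not allowed at this level."""
    allowed = set(split_codes(DEFAULTS[encryption]))
    codes = split_codes(value)
    extra = [c for c in codes if c not in allowed]
    if extra:
        raise ValueError(f"codes not in the {encryption} default list: {extra}")
    return codes


def privacy(codes):
    """Derive the PRIVACY value the text describes for a cipher list."""
    present = set(codes)
    if not present & NO_ENCRYPTION:
        return "REQUIRED"       # 01 and 02 have both been removed
    if present <= NO_ENCRYPTION:
        return "NOTSUPPORTED"   # assumption: only 01 and/or 02 remain
    return "SUPPORTED"          # any other combination, including the default


if __name__ == "__main__":
    for value in ("0504352F0A0903060201", "0504352F0A090306", "0201"):
        print(value, privacy(check_ciphers(value, "STRONG")))
```

Reordering codes within the allowed set passes the check, while a code such as 35 is rejected at ENCRYPTION=MEDIUM because it appears only in the STRONG default list.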