The TCP/IP service definition attribute descriptions are:
Values other than NOTAPPLIC apply only when PROTOCOL(ECI) is specified.
When PROTOCOL(HTTP) is specified:
When the end user has been successfully authenticated, the user ID supplied identifies the client.
When the end user has been successfully authenticated, the user ID associated with the certificate identifies the client.
When PROTOCOL(IIOP) is specified:
When the end user has been successfully authenticated, the user ID associated with the certificate identifies the client.
For the IIOP protocol, the IIOP user-replaceable program may supply a user ID if the authentication process does not supply one; if the user-replaceable program does not supply one, the default user ID is used.
Certificate labels can be up to 32 bytes long.
The certificate must be stored in a key ring in the external security manager's database. For more information, see CICS RACF Security Guide.
This attribute cannot be specified unless SSL(YES) or SSL(CLIENTAUTH) is also specified.
The default is blank.
Ciphers is valid only on CICS Transaction Server 3.1 and later systems. More information is provided in the table showing the cipher suites supported by z/OS and CICS, see CICS RACF Security Guide.
More than one TCP/IP service may specify the same group name. The register call is made to WLM when the first service with a specified group name is opened. Subsequent services with the same group name do not cause more register calls to be made. The deregister action is dictated by the GRP Critical attribute. It is also possible to explicitly deregister CICS from a group by issuing a master terminal or SPI command.
The well-known ports are those from 0 through 1023. It is advisable to use well known port numbers only for those services to which they are normally assigned. The well known ports for services supported by CICS are:
You should take care to resolve conflicts with any other servers on the same MVS™ image that might use the well-known ports.
Port sharing has to be enabled for any port that you want to share across CICS systems within an MVS image. For more information, see CICS Performance Guide
This attribute applies only when PROTOCOL(IIOP) is specified.
During the SSL handshake, the client and server advertise which cipher suites they support, and, from those they both support, select the suite that offers the most secure level of encryption. For more information about cipher suites, see CICS RACF Security Guide.