There are a range of benefits that come from the improvements to security.
CICS® now supports the Transport Layer Security (TLS) 1.0 protocol as well as SSL 3.0, allowing you to use the new AES cipher suites that offer 128-bit and 256-bit encryption.
There are improvements to the performance of SSL to support new functions such as Web Services. The number of simultaneous SSL connections that can be used in the system at one time has increased to achieve better throughput.
There is more flexibility in controlling the encryption negotiation between client and server. You can specify a minimum as well as a maximum encryption level in CICS for negotiating with particular users.
CICS can now check all certificates against a certificate revocation list (CRL) when negotiating with clients. Any connections using revoked certificates are closed immediately.
You can specify whether you want to share session IDs across a sysplex by using the SSL cache. CICS performs a partial SSL handshake if the client has negotiated with CICS previously. Sharing the cache across a number of CICS regions improves the performance of SSL negotiation and connection throughput.