Changes to the system programming interface

The EXEC CICS commands INQUIRE TCPIPSERVICE, INQUIRE CORBASERVER and the new command INQUIRE URIMAP now include two security options.

CIPHERS(char56)
Start of changeReturns the list of cipher suites that is specified in the attribute CIPHERS for the resource definitions TCPIPSERVICE, CORBASERVER and URIMAP. This list of cipher suites are used to negotiate SSL connections. For example, if you were using weak encryption, the default value would be 03060102.End of change
NUMCIPHERS(halfword)
Returns the number of cipher suites that are used to negotiate encryption levels as part of the SSL handshake.

Start of changeThe EXEC CICS command INQUIRE TCPIP also has two security options.End of change

Start of changeCRLPROFILE(char246)End of change
Start of changeReturns the name of the RACF profile that is specified in the CRLPROFILE system initialization parameter. The RACF profile contains the LDAP server name, userid and password that CICS should use to access the certificate revocation lists.End of change
SSLCACHE(cvda)
returns a CVDA value indicating which cache is being used by SSL to store session ids. CVDA values are:
CICS
The local SSL cache for the CICS® region is being used by SSL
SYSPLEX
The SSL cache in the coupling facility is being used by SSL.

There are changes to the INQUIRE DISPATCHER and SET DISPATCHER commands to handle the SSL TCB pool. The following two options have been added:

MAXSSLTCBS(fullword)
returns the maximum number of S8 TCBs allowed in the SSL pool, as specified in the MAXSSLTCBS system initialization parameter.
ACTSSLTCBS(fullword)
returns the actual number of S8 TCBs in the SSL pool.