There are changes to the implementation of S8 TCBs to improve the number and performance of SSL connections in CICS®.
CICS uses the open transaction environment (OTE) to manage SSL connections. Each SSL connection uses an S8 TCB, which now runs as a UNIX pthread. There is also a new open TCB mode called SP, that is used for socket pthread owning tasks. All of the S8 TCBs run within a single enclave, which is owned by the SP TCB and also contains the SSL cache. This provides the benefit of saving storage below the line, allowing many more simultaneous SSL connections in CICS than previous releases.
The S8 TCBs are contained in an SSL pool, which is managed by the CICS dispatcher. The S8 TCBS are allocated from the new SSL pool, but are only locked to a transaction for the period that it needs to perform SSL functions. After the SSL negotiation is complete, the TCB is released back into the SSL pool to be reused. The MAXSSLTCBS system initialization parameter specifies the maximum number of S8 open TCBs in the SSL pool. The default value is 8, but you can specify up to 1024.
You can monitor the performance of the SSL pool and the S8 TCBs using the dispatcher reports from DFH0STAT and DFHSTUP. The statistics include information on how often the maximum number of S8 TCBs are reached, the delay before a TCB is allocated and the actual number of TCBs in the SSL pool.