Support for security protocols

CICS supports the Secure Sockets Layer and Transport Layer Security protocols.

Specifically, CICS supports TLS 1.0, TLS 1.1, and TLS 1.2. For more details of these protocols, see the relevant RFC:
  • TLS 1.0: RFC 2246
  • TLS 1.1: RFC 4346
  • TLS 1.2: RFC 5246

By default, SSL 3.0 (described in RFC 6101) is not supported. If you have clients that still require this protocol, you can enable support for it by specifying the system initialization parameter ENCRYPTION=SSLV3 for the CICS® region. SSL 3.0 should only be used for a migration period while clients that still require this protocol are upgraded. Any connections that require encryption automatically use the TLS protocol, unless the client specifically requires SSL 3.0.

Note: The term SSL is used to refer to both the Secure Sockets Layer and Transport Layer Security protocols in the documentation, except where a specific point about either protocol is required.

The main features of the security protocols are:
Privacy
The data to be exchanged between the client and the server is encrypted. See SSL encryption for more information.
Integrity
Data that is transmitted using the SSL protocols is protected against tampering by a message authentication code (MAC). The MAC is computed from the data contents using a secure hashing algorithm and transmitted with the data. The receiver computes the MAC again and compares it with the value transmitted by the sender. A mismatch between the two values of the MAC indicates that the data may have been tampered with.
Authentication
SSL uses digital certificates to authenticate servers to clients and, optionally, clients to servers.
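
The integrity check described under Integrity, as an added example that is not part of the CICS documentation or code: it builds the record MAC input the way RFC 5246 (section 6.2.3.1) defines it for TLS 1.2 and verifies it on the receiving side. It goes slightly beyond the text by including the record sequence number, which is what lets the receiver also reject a replayed or reordered record. HMAC-SHA256, the key, the sample record and the function names are assumptions made for the illustration, and record encryption is omitted.

```python
import hashlib
import hmac
import struct

# TLS 1.2 record MAC input (RFC 5246, section 6.2.3.1):
#   seq_num (8 bytes) || type (1) || version (2) || length (2) || fragment
APPLICATION_DATA = 23          # ContentType application_data
TLS12 = (3, 3)                 # ProtocolVersion for TLS 1.2
MAC_LEN = hashlib.sha256().digest_size


def record_mac(mac_key, seq_num, content_type, version, fragment):
    """Compute the HMAC-SHA256 record MAC over the TLS 1.2 MAC input."""
    header = struct.pack("!QBBBH", seq_num, content_type,
                         version[0], version[1], len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()


def protect(mac_key, seq_num, fragment):
    """Sender side: return the fragment followed by its MAC."""
    return fragment + record_mac(mac_key, seq_num, APPLICATION_DATA,
                                 TLS12, fragment)


def verify(mac_key, expected_seq, protected):
    """Receiver side: recompute the MAC and compare in constant time.

    Returns the fragment, or None when the MAC does not match.
    """
    if len(protected) < MAC_LEN:
        return None
    fragment, received = protected[:-MAC_LEN], protected[-MAC_LEN:]
    computed = record_mac(mac_key, expected_seq, APPLICATION_DATA,
                          TLS12, fragment)
    return fragment if hmac.compare_digest(computed, received) else None


# Constructed sample values, not taken from any real session.
KEY = bytes(range(32))
RECORD = protect(KEY, 0, b"TRANSFER 100 TO ACCT 42")

if __name__ == "__main__":
    print(verify(KEY, 0, RECORD))                            # intact record
    print(verify(KEY, 0, RECORD.replace(b"100", b"900", 1))) # altered in transit
    print(verify(KEY, 1, RECORD))                            # wrong sequence number
```
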