Changes to resource definition

TCPIPSERVICE and CORBASERVER definitions

A new attribute, CIPHERS, has been added to the TCPIPSERVICE and CORBASERVER resource definitions. It can also be specified in the new URIMAP resource definition. See URIMAP resource definitions for more information. The CIPHERS list of cipher suite codes is only used when the sockets connection that is established for the resource uses the SSL or TLS security protocols. For a TCPIPSERVICE definition, the CIPHERS list is used for inbound socket connections. For a CORBASERVER definition, the CIPHERS list is used for outbound socket connections.
CIPHERS=value
The value specifies a string of up to 56 hexadecimal digits that is interpreted as a list of up to 28 2-digit cipher suite codes. The list of acceptable codes is dependent on the ENCRYPTION system initialization parameter.
  • For ENCRYPTION=WEAK, the default value is 03060102
  • For ENCRYPTION=MEDIUM, the default value is 0903060102
  • Start of changeFor ENCRYPTION=STRONG, the default value is 0504352F0A0903060201End of change

You can reorder the cipher codes or remove them from the default list. However, you cannot add cipher codes that are not in the default list for the specified encryption level. The ENCRYPTION system initialization parameter determines the cipher suite codes that are allowed for each encryption level.

The PRIVACY attribute of the TCPIPSERVICE resource definition reflects the CIPHERS attribute value. Since the default value of the CIPHERS attribute is the complete list of cipher suites, removing some of the cipher codes can change the PRIVACY attribute.
  • If you remove cipher suites 01 and 02 to specify that CICS® should only negotiate with clients that have encryption, the PRIVACY attribute value changes to REQUIRED.
  • If you remove all of the cipher suites except cipher suites 01 and 02 to specify that CICS should only negotiate with clients that have no encryption, the PRIVACY attribute changes to NOTSUPPORTED.
  • If you have any other combination of cipher suites specified, including the default, the PRIVACY attribute value is SUPPORTED.
Similar constraints apply to the OUTPRIVACY attribute of the CORBASERVER resource definition.