System initialization parameters for SSL

The following system initialization parameters relate to SSL:
CRLPROFILE
Specifies the name of the profile that authorizes CICS to access certificate revocation lists that are stored in an LDAP server. For more information about certificate revocation lists and setting up this profile, see Configuring an LDAP server for CRLs.
ENCRYPTION
Specifies the cipher suites that CICS® uses for secure TCP/IP connections. When a secure connection is established between a pair of processes, the most secure cipher suite supported by both is used. For more information about cipher suites, see Cipher suites.
KEYRING
Specifies the name of a key ring in the RACF® database that contains keys and certificates used by CICS. It must be owned by the CICS region userid. You can create an initial key ring with the DFH$RING exec in CICS2T1.CICS.SDFHSAMP.
MAXSSLTCBS
Specifies the maximum number of S8 TCBs that are available to CICS to process secure sockets layer connections. This value is a number in the range 0 through 999, and has a default value of 8. The S8 TCBs are created and managed in the SSL pool. An S8 TCB is only used by a task for the duration of the SSL processing. This parameter replaces the now obsolete SSLTCBS system initialization parameter.
SSLCACHE
Specifies whether CICS should use the local SSL cache in the CICS region, or share the cache across multiple CICS regions by using the coupling facility. Caching across a sysplex can only take place when the regions accept SSL connections at the same IP address.
SSLDELAY
Specifies the length of time in seconds for which CICS retains session IDs for secure socket connections in a local CICS region. Session IDs are tokens that represent a secure connection between a client and an SSL server. While the session ID is retained by CICS within the SSLDELAY period, CICS can continue to communicate with the client without the significant overhead of an SSL handshake. The value is a number of seconds in the range 0 through 86400. The default value is 600.
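
The following is an added example, not part of the CICS documentation or IBM-supplied code: a small Python check that reviews a set of system initialization overrides against the ranges and the obsolete SSLTCBS parameter described above. The override layout it parses (comma-separated KEYWORD=value pairs, `*` in column 1 for comments, `.END` as terminator), the sample values, and the names `parse_overrides` and `audit_ssl` are assumptions made for illustration.

```python
import re

# Ranges and the obsolete keyword are taken from the parameter descriptions above.
RANGES = {"MAXSSLTCBS": (0, 999), "SSLDELAY": (0, 86400)}
OBSOLETE = {"SSLTCBS": "MAXSSLTCBS"}
PAIR = re.compile(r"([A-Z0-9$#@]+)=([^,\s]*)", re.IGNORECASE)

# Constructed sample overrides; the key ring name is a placeholder.
SAMPLE = """\
* constructed sample, not taken from a real region
KEYRING=EXAMPLE.RING,
SSLTCBS=12,
MAXSSLTCBS=1200,
SSLDELAY=900,
.END
"""

def parse_overrides(text):
    """Collect KEYWORD=value pairs. Assumed layout: comma-separated pairs,
    '*' in column 1 marks a comment, '.END' ends the overrides."""
    params = {}
    for line in text.splitlines():
        if line.startswith("*") or not line.strip():
            continue
        if line.strip().upper().startswith(".END"):
            break
        for key, value in PAIR.findall(line):
            params[key.upper()] = value  # keep value case: key ring names are case-sensitive
    return params

def audit_ssl(params):
    """Return review findings for the SSL-related parameters."""
    findings = []
    for old, new in OBSOLETE.items():
        if old in params:
            findings.append(f"{old} is obsolete; use {new}")
    for name, (low, high) in RANGES.items():
        raw = params.get(name)
        if raw is not None and not (raw.isdigit() and low <= int(raw) <= high):
            findings.append(f"{name}={raw} is outside {low}-{high}")
    if "KEYRING" not in params:
        findings.append("KEYRING is not set")
    if "CRLPROFILE" not in params:
        findings.append("CRLPROFILE is not set (no profile for LDAP-held CRLs)")
    return findings

if __name__ == "__main__":
    for finding in audit_ssl(parse_overrides(SAMPLE)):
        print(finding)
```

The parser does not handle parenthesized values that contain commas, which none of the SSL parameters listed here use.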