The ENCRYPTION system initialization parameter specifies the protocols that CICS uses for secure TCP/IP connections.
The protocols determine which cipher suites can be used. Protocols for TLS 1.1 can only be entered by using XML files that are associated with the resource definition. For more information, see SSL cipher suite specification file.
For more information about cipher suites, see Cipher suites.
CICS can use only the cipher suites that are supported by the underlying z/OS operating system.
If you specify ENCRYPTION=TLS12FIPS, you must use a NIST-compliant certificate. For more information, see Making your CICS TS system compliant with NIST SP800-131A.
To use TLS12FIPS with z/OS Version 2 Release 1 or later, ICSF (Integrated Cryptographic Services Facility) must be active on your system. If you have not already done so, apply APAR OA14956 to z/OS.