CICS supports the Secure Sockets Layer and Transport Layer
Security protocols.
Specifically, CICS supports TLS 1.0, TLS 1.1,
and TLS 1.2. For more details of these protocols, see the relevant
RFC:
- TLS 1.0: RFC 2246
- TLS 1.1: RFC 4346
- TLS 1.2: RFC 5246
By default, SSL 3.0 (described in RFC 6101) is not supported.
If you have clients that still require this protocol, you can enable
support for it by specifying the system initialization parameter ENCRYPTION=SSLV3 for the CICS® region. SSL 3.0 should only be used for a migration period
while clients that still require this protocol are upgraded. Any connections
that require encryption automatically use the TLS protocol, unless
the client specifically requires SSL 3.0.
Note: The term SSL is used to refer to both the Secure Sockets Layer
and Transport Layer Security protocols in the documentation, except
where a specific point about either protocol is required.
The main features of the security protocols are:
- Privacy: The data to be exchanged between the client and the server is
  encrypted. See SSL encryption for more information.
- Integrity: Data which is transmitted using the SSL protocols is protected
  against tampering by a message authentication code (MAC). The
  MAC is computed from the data contents using a secure hashing algorithm
  and transmitted with the data. It is computed again by the receiver,
  and compared with the value transmitted by the sender. A mismatch
  between the two values of the MAC indicates that the data may have
  been tampered with.
- Authentication: SSL uses digital certificates to authenticate servers to clients,
  and, optionally, clients to servers.
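
The integrity check described above, as an added Python example (not part of the CICS documentation or CICS code): it computes the TLS 1.2 record MAC over the input defined in RFC 5246 section 6.2.3.1 and verifies it on the receiving side. It goes slightly beyond the text by showing that the MAC also covers the record sequence number, so a replayed or reordered record is rejected as well as a modified one. Assumptions: HMAC-SHA256 as the MAC algorithm, a constructed key and message, and encryption left out so that only the MAC step is visible.

```python
import hashlib
import hmac
import struct

# Constructed sample values for illustration only (not real session keys).
MAC_KEY = bytes(range(32))
APPLICATION_DATA = 23          # TLS ContentType application_data
TLS_1_2 = (3, 3)               # ProtocolVersion bytes for TLS 1.2
MAC_LEN = hashlib.sha256().digest_size


def record_mac(key, seq_num, content_type, version, fragment):
    """HMAC-SHA256 over seq_num + type + version + length + fragment."""
    header = struct.pack("!QBBBH", seq_num, content_type,
                         version[0], version[1], len(fragment))
    return hmac.new(key, header + fragment, hashlib.sha256).digest()


def protect(key, seq_num, fragment):
    """Sender: transmit the MAC with the data (encryption omitted here)."""
    return fragment + record_mac(key, seq_num, APPLICATION_DATA, TLS_1_2, fragment)


def verify(key, seq_num, protected):
    """Receiver: recompute the MAC and compare; return data, or None on mismatch."""
    if len(protected) < MAC_LEN:
        return None
    fragment, received = protected[:-MAC_LEN], protected[-MAC_LEN:]
    expected = record_mac(key, seq_num, APPLICATION_DATA, TLS_1_2, fragment)
    # compare_digest is constant time, so the comparison gives no timing hint.
    return fragment if hmac.compare_digest(expected, received) else None


def demo():
    wire = protect(MAC_KEY, 0, b"DEBIT ACCT 1001 AMOUNT 0050")
    tampered = wire.replace(b"0050", b"9050", 1)   # change one digit in transit
    return {
        "intact": verify(MAC_KEY, 0, wire),
        "tampered": verify(MAC_KEY, 0, tampered),
        "replayed_as_seq_1": verify(MAC_KEY, 1, wire),
        "wrong_key": verify(bytes(32), 0, wire),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18} -> {'accepted' if result is not None else 'rejected'}")
```
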