Creating an SSL cipher suite specification file
You can create an SSL cipher suite specification file to specify a list of cipher suites to be used by SSL. If SSL is used for TCP/IP connections, you can specify the name of the cipher suite specification file in the CIPHERS attribute for resources that define TCP/IP connections.
Procedure
Results
You have created a cipher suite specification file. An SSL cipher suite file can be used by multiple resources. The first time a resource that uses a specification file is installed, the file is read from zFS and parsed. Any errors are flagged during this parse. If the file is valid, the resource is installed and the cipher information is stored in a new control block that is associated with the file. When subsequent resources that use the same cipher file are installed, the cached information in the control block is used.
What to do next
If you want to update the list of cipher suites in a cipher suite specification file, you can edit the file directly, but you must restart CICS for the updated list to take effect. The file is reread for any type of start, whether the START system initialization parameter is set to INITIAL, COLD, or AUTO.
- Create a new cipher suite specification file. Ensure that the file name has not been loaded by this CICS system.
- Update the existing resource definition to refer to the new file. For example, issue a CREATE TCPIPSERVICE command with CIPHERS(newciphers.xml) specified.
- Reinstall the resource definition.