dfhe4_overview.html |
Last updated: Thursday, 27 June 2019A cipher suite is selected during the SSL handshake between a TCP/IP client and server, and it is used for encrypting and decrypting data flowed over the SSL connection. CICS now stores the code for the selected cipher suite in the SMF 110 performance records that relate to an SSL inbound connection.
You can check which cipher suites are being selected for SSL inbound connections from each CICS® region. The performance data field SOCIPHER (320) in the DFHSOCK group shows the code for the cipher suite that was used for each SSL inbound connection. Use this information to identify any cipher suites that are offered by the CICS region but are not being selected for SSL connections. You can also identify any less efficient or less secure cipher suites that are being selected for SSL connections, but that you would prefer to eliminate.
You can customize the list of cipher suites that are offered by a CICS region by modifying the CIPHERS attribute in the resource definitions TCPIPSERVICE, IPCONN, and URIMAP. You can remove cipher suites from the list, and place them in an order of preference.
Last updated: Thursday, 27 June 2019