ENCRYPTION (DEPRECATED)
The ENCRYPTION system initialization parameter specifies the cipher suites that CICS® uses for secure TCP/IP connections.
- ENCRYPTION={ALL|TLS12|STRONG}
- When a secure connection is established between a pair of processes, the most secure cipher
suite that is supported by both is used. The ENCRYPTION system initialization parameter has been deprecated. Use the MINTLSLEVEL system initialization parameter instead. For more information about the MINTLSLEVEL system initialization parameter, see MINTLSLEVEL. If you specify the ENCRYPTION parameter, it will be treated as MINTLSLEVEL:
ENCRYPTION=STRONG
will be treated asMINTLSLEVEL=TLS10
. This is the default.Note: A change in behavior might occur if the client does not handle the negotiation of TLS levels correctly. If this causes a problem, delete the ENCRYPTION parameter and useMINTLSLEVEL=TLS10ONLY
instead.ENCRYPTION=ALL
will be treated asMINTLSLEVEL=TLS11
.Note: A change in behavior might occur if the client supports only TLS 1.0. If this causes a problem, delete the ENCRYPTION parameter and useMINTLSLEVEL=TLS10
instead.ENCRYPTION=TLS12
will be treated asMINTLSLEVEL=TLS12
- ALL
- Allows the use of TLS version 1.1 and 1.2 in addition to the protocols allowed by STRONG.
- TLS12
- Sets the level of TLS to 1.2.
- STRONG
- Sets the level of TLS to 1.0 only. This is the default value.
For more information about cipher suites, see Cipher suites and cipher suite specification files.
CICS can use only the cipher suites that are supported by the underlying z/OS® operating system.
To apply FIPS 140-2 standards, set ENCRYPTION=TLS12 and NISTSP800131A=CHECK. If NISTSP800131A=CHECK is set but ENCRYPTION is set to a value other than TLS12, it is overridden to ENCRYPTION=TLS12 and a warning message is issued.
To apply FIPS 140-2 standards on z/OS Version 2 Release 1 or later, ICSF (Integrated Cryptographic Services Facility) must be active on your system.
For more information about NIST SP800-131A conformance, see Making your CICS TS system conformant to NIST SP800-131A.