ENCRYPTION (DEPRECATED)

The ENCRYPTION system initialization parameter specifies the cipher suites that CICS® uses for secure TCP/IP connections.

ENCRYPTION={ALL|TLS12|STRONG}
When a secure connection is established between a pair of processes, the most secure cipher suite that is supported by both is used.
The ENCRYPTION system initialization parameter has been deprecated. Use the MINTLSLEVEL system initialization parameter instead. For more information about the MINTLSLEVEL system initialization parameter, see MINTLSLEVEL. If you specify the ENCRYPTION parameter, it will be treated as MINTLSLEVEL:
  • ENCRYPTION=STRONG will be treated as MINTLSLEVEL=TLS10. This is the default.
    Note: A change in behavior might occur if the client does not handle the negotiation of TLS levels correctly. If this causes a problem, delete the ENCRYPTION parameter and use MINTLSLEVEL=TLS10ONLY instead.
  • ENCRYPTION=ALL will be treated as MINTLSLEVEL=TLS11.
    Note: A change in behavior might occur if the client supports only TLS 1.0. If this causes a problem, delete the ENCRYPTION parameter and use MINTLSLEVEL=TLS10 instead.
  • ENCRYPTION=TLS12 will be treated as MINTLSLEVEL=TLS12
ALL
Allows the use of TLS version 1.1 and 1.2 in addition to the protocols allowed by STRONG.
TLS12
Sets the level of TLS to 1.2.
STRONG
Sets the level of TLS to 1.0 only. This is the default value.

For more information about cipher suites, see Cipher suites and cipher suite specification files.

CICS can use only the cipher suites that are supported by the underlying z/OS® operating system.

To apply FIPS 140-2 standards, set ENCRYPTION=TLS12 and NISTSP800131A=CHECK. If NISTSP800131A=CHECK is set but ENCRYPTION is set to a value other than TLS12, it is overridden to ENCRYPTION=TLS12 and a warning message is issued.

To apply FIPS 140-2 standards on z/OS Version 2 Release 1 or later, ICSF (Integrated Cryptographic Services Facility) must be active on your system.

For more information about NIST SP800-131A conformance, see Making your CICS TS system conformant to NIST SP800-131A.