A fix is available
APAR status
Closed as new function.
Error description
Add support to CICS TS 5.5 for use of defaultciphers.xml on EXEC CICS WEB OPEN and EXEC CICS INVOKE SERVICE commands.
Local fix
Problem summary
USERS AFFECTED: All CICS users

PROBLEM DESCRIPTION: Add support for defaultciphers.xml on EXEC CICS WEB OPEN and EXEC CICS INVOKE SERVICE commands.

A CICS application makes an outbound HTTPS request using an EXEC CICS WEB OPEN or EXEC CICS INVOKE SERVICE command. If the command does not specify a list of ciphers through the CIPHERS or URIMAP parameters, CICS uses a default list of 2-digit ciphers. That list is currently 3538392F3233. If the target endpoint no longer supports any of the ciphers in the CICS default list, the outbound request fails.

In many cases it is not easy, or not possible, to update every affected CICS application to use a URIMAP and a suitable cipher file. This APAR was raised to provide a default cipher file that replaces the default list of 2-digit ciphers.
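The following is an added example, not IBM code or part of the APAR: it decodes the default list 3538392F3233 into cipher suite names and shows why a request fails against an endpoint that accepts none of them. The code-to-name table assumes each 2-digit code equals the IANA registry value 0x00NN, the endpoint policies are constructed, and negotiate() is a simplified overlap check rather than a full TLS handshake.

```python
# 2-digit code -> IANA suite name. Assumption: for these six codes the
# 2-digit value equals the IANA TLS registry value 0x00NN.
SUITES = {
    "35": "TLS_RSA_WITH_AES_256_CBC_SHA",
    "38": "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
    "39": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "2F": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "32": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "33": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
}
DEFAULT_LIST = "3538392F3233"  # default list quoted in the APAR text


def decode(cipher_list):
    """Split a string of 2-digit codes into suite names, in list order."""
    if len(cipher_list) % 2:
        raise ValueError("cipher list must contain whole 2-digit codes")
    codes = [cipher_list[i:i + 2].upper() for i in range(0, len(cipher_list), 2)]
    unknown = [c for c in codes if c not in SUITES]
    if unknown:
        raise ValueError(f"codes not in the example table: {unknown}")
    return [SUITES[c] for c in codes]


def audit(cipher_list):
    """Group the suites by properties that lead endpoints to drop them."""
    names = decode(cipher_list)
    return {
        "static_rsa": [n for n in names if n.startswith("TLS_RSA_")],
        "cbc_sha1": [n for n in names if n.endswith("_CBC_SHA")],
        "aead": [n for n in names if "_GCM_" in n or "CHACHA20" in n],
    }


def negotiate(cipher_list, endpoint_suites):
    """First offered suite the endpoint accepts, or None (request fails)."""
    return next((n for n in decode(cipher_list) if n in endpoint_suites), None)


# Constructed endpoint policies, for illustration only.
LEGACY_ENDPOINT = {"TLS_RSA_WITH_AES_128_CBC_SHA"}
MODERN_ENDPOINT = {"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                   "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}

if __name__ == "__main__":
    print(decode(DEFAULT_LIST))
    print(audit(DEFAULT_LIST))
    print(negotiate(DEFAULT_LIST, LEGACY_ENDPOINT))
    print(negotiate(DEFAULT_LIST, MODERN_ENDPOINT))
```

Every suite in the default list is CBC with SHA-1 and none is an AEAD suite, so an endpoint restricted to GCM suites has no overlap with it.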
Problem conclusion
Temporary fix
Comments
CICS has been updated to add support for a defaultciphers.xml file on EXEC CICS WEB OPEN and EXEC CICS INVOKE SERVICE commands. A sample defaultciphers.xml file is provided in the USSHOME/security/ciphers directory. It should be copied to the USSCONFIG/security/ciphers directory and customised to meet your security requirements.

To make use of the defaultciphers.xml file, set the following feature toggle:

com.ibm.cics.web.defaultcipherfile=true

If the feature toggle is set, the defaultciphers.xml file is processed during CICS initialization. If there is a problem with the file, message DFHWB0112 is issued and CICS reverts to using the existing default list of 2-digit cipher suites.

The CICS TS 5.5 documentation will be updated to describe the new feature toggle and document message DFHWB0112.
APAR Information
APAR number
PH45703
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
200
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-04-14
Closed date
2022-07-20
Last modified date
2022-08-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI81555
Modules/Macros
DFHMEWBC DFHMEWBE DFHMEWBK DFHWBCL DFHWBDM DFHWBDUF DFJ@H606
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
R200 PSY UI81555
UP22/07/21 P F207
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
02 August 2022