IBM Support

CICS SSL and z/OS Communications Server feature Application Transparent Transport Layer Security (AT-TLS)

Troubleshooting


Problem

You want to set up SSL (Secure Socket Layer) communications for an application that uses CICS. You attempt to secure the communications on the TCP/IP port using Application Transparent Transport Layer Security (AT-TLS). You are unable to get SSL communications to work.

Cause

CICS can not use AT-TLS.

Diagnosing The Problem

AT-TLS came out in z/OS V1R7. Part of its goal was to allow applications to use SSL security without any application code changes. In that way, it is transparent to the application. However, if the application has already been modified to use its own SSL security, AT-TLS is not needed and will most likely cause a problem because you will have double SSL being done, and neither side will be able to handle it. In this scenario, CICS is considered an "application". CICS enabled its own support for SSL many releases ago.

Resolving The Problem

Enable SSL security within CICS using the documented steps in the CICS information center section Configuring CICS to use SSL.

[{"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":"Secure Sockets Layer","Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"5.1;4.2;4.1;3.2","Edition":"","Line of Business":{"code":"LOB70","label":"Z TPS"}}]

Product Synonym

CICS/TS CICS TS CICS Transaction Server

Document Information

Modified date:
05 January 2026

UID

swg21621769