The CICS ENCRYPTION parameter within the System Initialization Table (SIT) can be set to STRONG|WEAK|MEDIUM, what impact does this have on the digital certificates stored in the ACF2 database?
search cancel

The CICS ENCRYPTION parameter within the System Initialization Table (SIT) can be set to STRONG|WEAK|MEDIUM, what impact does this have on the digital certificates stored in the ACF2 database?

book

Article ID: 53992

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction

The client and the server communicate using the highest level of security that they both support. The ENCRYPTION levels are WEAK, MEDIUM and STRONG.

 

 

Environment

Release:
Component: ACF2MS

Resolution

The CICS ENCRYPTION system initialization table parameter specifies the level of encryption that CICS must use.

When an SSL connection is established, the client and the server exchange information about which encryption levels(cipher suites) they have in common such as STRONG|WEAK|MEDIUM. The CICS encryption level pertains to the establishment of the SSL handshake between the client and server rather than the format of the digital certificates stored in the ACF2 database. Therefore the ENCRYPTION parameter does not have any effect on the data stored in the CA ACF2 database. Its only requirement is that certificates WILL be required.

See IBM's "Securing Access to CICS Within an SOA" redbook for details on CICS encryption levels - section 4.3.4 Cipher Suites.

Powered by Wolken Software