You can specify the ciphers in a USS .xml file, the path is set by USSCONFIG and the file name is in the CICS CIPHERS parameter (which can be a list of 2 digit cipher codes or the file name). Good luck, CICS 3.1 is 5 years out of support so it won't have PTFs for anything newer in TLS. Most likely the ciphers you are trying to use are not supported once out of service.
On Fri, Sep 4, 2020 at 4:15 AM Gibney, Dave <[email protected]> wrote: > First of all, I know that CICS 3.1 is is very far and away out of > service. My CICS Sysprog retired over a decade ago, I only fake knowledge > of CIS when it becomes a necessity. > SystemSSL in z/OS 2.3 has changed the defaults and available ciphers. This > is a good thing security wise. But, I can't seem to specify tls 1.2 or 1.3 > ciphers via the 3.1 CEDA panels. > I am thinking I might be able to slip in around the CICS definitions via > gsk environment variables. > I am asking for your collective thoughts and suggestions. > > Widely x-posted > > Dave Gibney > Information Technology Services > Washington State University > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
