CCISSL SECURITY CONCERN USING SSL3

Document ID : KB000029448
Last Modified Date : 14/02/2018
Show Technical Document Details

DESCRIPTION:

You have been told that all processes using SSL3 must be upgraded to use the TLS security protocol. You would like to know if you just need to specify PROT=TLS in CCISSL to accomplish this, and what can be expected by making this change.

From the CA COMMON SERVICES 14.1 REFERENCE GUIDE, page 150:

  PROT=

  Specifies which security protocols are enabled:

  SSL - Only SSL Version 3 (default)

  TLS - Only TLS Version 1

  SSL/TLS | TLS/SSL | S/T | T/S | BOTH - Both SSL Version 3 and TLS Version 1 are enabled.

 

With this keyword value not specified in the CCLSSL proc, you are running with SSL Version 3 (default).

 

RESOLUTION:

The change that needs to be made now is to add TLS. Update the PARM= statement included on the EXEC PGM= card. Add PROT=TLS and save your changes.

The above change will be transparent to you, and no additional changes need to be made.

To activate the above change, stop/start the CCISSL task (e.g. P CCISSL). The task will automatically be restarted by CAIENF.