The CICS ENCRYPTION parameter within the System Initialization Table (SIT) can be set to STRONG|WEAK|MEDIUM. What impact does this have on the digital certificates stored in the ACF2 database?

Document ID : KB000053992
Last Modified Date : 14/02/2018

Description

The client and the server communicate using the highest level of security that they both support. The ENCRYPTION levels are WEAK, MEDIUM and STRONG.

Solution

The CICS ENCRYPTION system initialization table parameter specifies the level of encryption that CICS must use.

When an SSL connection is established, the client and the server exchange information about which encryption levels (cipher suites) they have in common, such as STRONG|WEAK|MEDIUM. The CICS encryption level pertains to the SSL handshake between the client and server, not to the format of the digital certificates stored in the ACF2 database. Therefore the ENCRYPTION parameter has no effect on the data stored in the CA ACF2 database. The only requirement it imposes is that certificates will be required.

See IBM's "Securing Access to CICS Within an SOA" Redbook, section 4.3.4 Cipher Suites, for details on CICS encryption levels.