Feature toggles

Feature toggles make it easier for you to make the configuration changes that are necessary to enable new capabilities, particularly for capabilities that are delivered between releases of CICS® TS. This page lists the feature toggles available in CICS TS 5.5.

Feature toggles for CICS Transaction Server for z/OS®

Feature toggle
Capability
com.ibm.cics.bms.ids={true|false}
Allows CICS to detect if a 3270 emulator has invalidly modified a protected field generated by a BMS map.
Find out more: BMS 3270 Intrusion Detection Service
com.ibm.cics.cmci.jvmserver={true|false}
Allows you to set up the CMCI without the CMCI JVM server.
Find out more: Setting up CMCI with CICSPlex SM
com.ibm.cics.container.hash={true|false}
Allows you to revert to the ordering of returned containers that was provided before CICS TS 5.5.
Find out more: Designing a channel: Best practices
com.ibm.cics.cpsm.bas.largecicsplex={true|false}
Allows you to constrain large resource deployments lists for BAS to a single data space instead of spreading across multiple data spaces.
com.ibm.cics.cpsm.wlm.botrsupd.enabled={true|false}
Allows you to disable updates to the Coupling Facility when the task load falls below the lower tier threshold of the CICSPlex® SM tuning parameter, BOTRSUPD.
Find out more: Region status server, bottom-tier parameter (BOTRSUPD)
com.ibm.cics.cpsm.wlm.surgeresist={true|false}
When applied to CICSPlex SM WLM routing regions, this feature toggle takes effect for the QUEUE and GOAL WLM algorithms when using CICSPlex SM sysplex optimized workload routing. It has no effect when applied to target regions.
When the feature toggle is set to true, surges of extremely high frequency, short duration transactions can be mitigated by reducing the likelihood that recently selected target regions are reselected. Enabling this feature toggle increases the average routing cost per transaction, but restores the routing behavior of CICSPlex SM before APAR PH30768 is applied.
Find out more: Learn more about the changes to CICSPlex SM sysplex optimized workload routing behavior in What's New.
com.ibm.cics.db2.origindata={true|false}
Enables or disables the passing of adapter origin data to Db2® for adapter tracking.
Find out more: Transaction tracking
com.ibm.cics.db2.sharelocks={true|false}
Allows you to enable the CICS Db2 share locks feature.
com.ibm.cics.ds.freeussprocesses={true|false}
This feature toggle is intended for use only under guidance from IBM® Support. Relates to the handling of USS processes.
com.ibm.cics.http.options.handler={program_name}
Allows you to specify the name of the HTTP Options handler program.
Find out more: HTTP method reference for CICS web support
com.ibm.cics.rls.delete.ridfld={true|false}
To support migration from non-RLS to RLS access mode, allows you to achieve the local VSAM CILOCK=NO behavior for RLS files. This avoids the potential of AFCG abends when you use DELETE RIDFLD on RLS files.
Find out more: VSAM RLS
com.ibm.cics.spool.defaultjobuser={region|task}
Allows you to change the default job user ID of a JOB card that is written using a SPOOLWRITE command without a USER parameter (the default is the CICS region ID) to be the signed-on user ID.
Find out more: User ID used for JCL job submission when no job user ID is specified on the job card
com.ibm.cics.spool.surrogate.check={true|false}
Enables surrogate user checking for spool commands.
Find out more: Surrogate user checking for spool commands in job submissions to the JES internal reader
com.ibm.cics.tls.minimumkeystrength={1024|2048}

If the feature toggle value is set to 2048 CICS will use a minimum key size of 256 for ECC keys and 2048 for RSA, DSA and Diffie-Hellman keys during TLS handshakes.

CICS will use a minimum key size of 256 for ECC keys and 2048 for RSA, DSA and Diffie-Hellman keys during TLS handshakes.

The following System SSL settings will be in effect:

GSK_CLIENT_ECURVE_LIST=00250024002300300029

GSK_SERVER_ALLOWED_KEX_ECURVES=00250024002300300029

GSK_CLIENT_EPHEMERAL_DH_GROUP_SIZE=2048

GSK_SERVER_EPHEMERAL_DH_GROUP_SIZE=2048

GSK_PEER_DH_MIN_KEY_SIZE=2048

GSK_PEER_DSA_MIN_KEY_SIZE=2048

GSK_PEER_ECC_MIN_KEY_SIZE=256

GSK_PEER_RSA_MIN_KEY_SIZE=2048

If the feature toggle value is set to 1024 or is not set, then the System SSL default values will be used for the key sizes and set of elliptical curves. For more information about the SSL default values, see gsk_environment_open() in z/OS documentation.

com.ibm.cics.web.defaultcipherfile={true|false}
Allows CICS to use a default set of ciphers from a cipher file called defaultciphers.xml, instead of the current default list of 2-digit ciphers (3538392F3233). This capability allows a greater set of ciphers to be used for outbound requests without having to create a URIMAP for each potential endpoint.
The use of a default cipher file applies to outbound HTTPS requests that are made using EXEC CICS WEB OPEN or EXEC CICS INVOKE SERVICE commands, where those commands do not already specify a set of ciphers to use through the CIPHERS or URIMAP parameter.
The defaultciphers.xml file must exist in the USSCONFIG/security/ciphers directory. A sample defaultciphers.xml file is supplied in the USSHOME/security/ciphers directory. Copy this file to the USSCONFIG/security/ciphers directory and customize it for your security requirements.
If the feature toggle is enabled but there is a problem with the defaultciphers.xml file, message DFHWB0112 is issued and CICS reverts to using the default list of 2-digit ciphers.
com.ibm.cics.web.hsts.max-age=seconds
Activates and sets HTTP strict transport security (HSTS) for a CICS region. See Support for HTTP strict transport security (HSTS).
com.ibm.cics.web.hsts.includesubdomains={true|false}
Controls whether to extend HSTS to the sub-domains of the CICS server. See Support for HTTP strict transport security (HSTS).
com.ibm.cics.web.hsts.max-age.TCPIPS={seconds|-1}
Sets HSTS for an individual TCPIPSERVICE to override the region wide setting. See Support for HTTP strict transport security (HSTS).
com.ibm.cics.web.hsts.includesubdomains.TCPIPS={true|false}
Controls whether to extend HSTS to the sub-domains of the specified TCPIPSERVICE. See Support for HTTP strict transport security (HSTS).