A fix is available
APAR status
Closed as program error.
Error description
APAR to provide SP800-131A strict support in CICS TG.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of CICS TG V9.0 for z/OS. * **************************************************************** * PROBLEM DESCRIPTION: APAR to provide SP800-131A strict * * support in CICS TG. * **************************************************************** * RECOMMENDATION: * **************************************************************** This APAR provides SP800-131A strict support in CICS TG.
Problem conclusion
The "SP800-131A compliance" section in the CICS TG V9.0 Information Center has been updated to the following: SP800-131A compliance SP800-131A compliance strengthens security by requiring the use of stronger cryptographic keys and more robust algorithms. To specify that SP800-131A transition or strict compliance is required, set the Java system property com.ibm.jsse2.sp800-131 as follows: com.ibm.jsse2.sp800-131=<transition|strict|off> Set the property for the Java client application in local mode and the Gateway daemon in remote mode. For strict support on an SSL connection between a Java client application and the Gateway daemon, both the Java client application and Gateway must specify com.ibm.jsse2.sp800-131=strict. Additionally, for strict support with .NET clients, the SslGatewayConnection property must be configured to use TLS 1.2. This property can be set with the EnabledSslProtocols property or CtgSslProtocols application configuration setting. If using Cipher suites that use AES_256 then the Gateway daemon JVM must be updated with the Unrestricted JCE policy files placed in the directory. To obtain the Unrestricted JCE policy files and for more information, see IBM SDK Policy Files. CICS Transaction Gateway supports SP800-131a strict mode on IPIC SSL connections in local and remote mode to CICS Transaction Server and TXSeries versions which also support SP800-131a strict mode. This includes support for requests from WebSphere Application Server using the CICS ECI resource adapter. For more information, see the National Institute of Standards and Technology (NIST) Special Publications 800-131a at http: //csrc.nist.gov/publications/nistpubs/800-131A/SP800-131A.pdf
Temporary fix
Comments
APAR Information
APAR number
PM98779
Reported component name
CTG V9 FOR Z/OS
Reported component ID
5655Y2000
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2013-10-10
Closed date
2013-10-15
Last modified date
2013-11-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK98510
Modules/Macros
CTG00199 CTG00201 CTG00204
SC34284300 |
Fix information
Fixed component name
CTG V9 FOR Z/OS
Fixed component ID
5655Y2000
Applicable component levels
R900 PSY UK98510
UP13/10/25 P F310
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMJ2","label":"CICS Transaction Gateway"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
08 August 2024