2
3
names can be provided at the same
Internet Protocol (IP) address, which
you can manage using CICS system
commands. Static responses can be
provided for HTTP requests, formed
from a document template or hierarchi-
cal file system (HFS) file. This means
that you can write CICS application
programs to use a common protocol for
business-to-business (B2B) communi-
cation, control hardware or software
using HTTP, and access information in
non-Web browser HTTP applications.
Improved connected, but inactive,
sockets allow many more clients to
connect to each CICS system. Using
an internal pseudo-conversational
model, no CICS task resources are
consumed by sockets waiting for the
next message from a partner. Use of
this model simplifies managing task
resources within a CICS environment.
Improvements to SSL support
CICS Transaction Server, Version 3.1
introduces a range of improvements to
security. Besides its existing support
for Secure Sockets Layer (SSL),
Version 3.0, CICS Transaction Server
now supports the Transport Layer
Security (TLS), Version 1.0 protocol.
This includes support for the
Advanced Encryption Standard (AES)
cipher suites that offer 128-bit and
256-bit encryption.
Resource definitions for TCP/IP
service and CORBA Server are
enhanced to allow the user to specify
the precise list of cipher suites to be
used in the negotiation. This capability
is also included in the new uriMAP
resource definition. To support
management of these new capabilities
and resources, CICS Transaction
Server, Version 3.1 includes new
system programming interface
(SPI) commands.
CICS Transaction Server, Version 3.1
now supports certificate revocation
lists (CRLs) when negotiating with
clients, allowing any connections
using revoked certificates to be closed
immediately. A new transaction, CCRL,
is provided to update the CRL in the
Lightweight Directory Access Protocol
(LDAP) server. These negotiations
offer more flexibility. Now, you can
specify a minimum, as well as a
maximum, encryption level to negotiate
with particular users.
You can also specify whether session
IDs are shared across an IBM Parallel
Sysplex
®
environment, improving
the current use of the cache at the
address-space level. Caching enables
an SSL handshake to be optimized
based on a previous negotiation,
helping to improve the performance
of the connection setup.
An increased number of simultaneous
SSL connections can now be used,
as a result of the introduction of support
for pthreads within the IBM Language
Environment
®
enclave from which
system SSL is invoked. With this
support, your system can achieve
better throughput and improve the
support for new functions such as
Web services.
Support for mixed-case passwords
CICS Transaction Server, Version 3.1
now supports an underlying capability
for case-sensitive passwords. When
this capability is active, it is indicated
on the sign-on panel supplied by CICS
Transaction Server.
Improved user-ID checks
The revoked status of a user-ID or
group connection is now tested by
the EXEC CICS START USERID()
command at the time it is issued, so
that the issuer can be notified by the
USERIDERR command if applicable.
Application transformation
CICS Transaction Server, Version 3.1
includes enhancements that help
you extend existing applications and
develop new applications, using
contemporary programming
languages, constructs and tools.