IBM 3.1 manual Improvements to SSL support, Improved user-ID checks, Application transformation

names can be provided at the same Internet Protocol (IP) address, which you can manage using CICS system commands. Static responses can be provided for HTTP requests, formed from a document template or hierarchi- cal file system (HFS) file. This means that you can write CICS application programs to use a common protocol for business-to-business (B2B) communi- cation, control hardware or software using HTTP, and access information in non-Web browser HTTP applications.

Improved connected, but inactive, sockets allow many more clients to connect to each CICS system. Using an internal pseudo-conversational model, no CICS task resources are consumed by sockets waiting for the next message from a partner. Use of this model simplifies managing task resources within a CICS environment.

Improvements to SSL support

CICS Transaction Server, Version 3.1 introduces a range of improvements to security. Besides its existing support for Secure Sockets Layer (SSL), Version 3.0, CICS Transaction Server now supports the Transport Layer Security (TLS), Version 1.0 protocol. This includes support for the Advanced Encryption Standard (AES) cipher suites that offer 128-bit and 256-bit encryption.

Resource definitions for TCP/IP service and CORBA Server are enhanced to allow the user to specify the precise list of cipher suites to be used in the negotiation. This capability is also included in the new uriMAP resource definition. To support management of these new capabilities and resources, CICS Transaction Server, Version 3.1 includes new system programming interface (SPI) commands.

CICS Transaction Server, Version 3.1 now supports certificate revocation lists (CRLs) when negotiating with clients, allowing any connections using revoked certificates to be closed immediately. A new transaction, CCRL, is provided to update the CRL in the Lightweight Directory Access Protocol (LDAP) server. These negotiations offer more flexibility. Now, you can specify a minimum, as well as a maximum, encryption level to negotiate with particular users.

You can also specify whether session IDs are shared across an IBM Parallel Sysplex® environment, improving the current use of the cache at the address-space level. Caching enables an SSL handshake to be optimized based on a previous negotiation, helping to improve the performance of the connection setup.

An increased number of simultaneous SSL connections can now be used, as a result of the introduction of support for pthreads within the IBM Language Environment® enclave from which system SSL is invoked. With this support, your system can achieve better throughput and improve the support for new functions such as Web services.

Support for mixed-case passwords CICS Transaction Server, Version 3.1 now supports an underlying capability for case-sensitive passwords. When this capability is active, it is indicated on the sign-on panel supplied by CICS Transaction Server.

Improved user-ID checks

The revoked status of a user-ID or group connection is now tested by the EXEC CICS START USERID() command at the time it is issued, so that the issuer can be notified by the USERIDERR command if applicable.

Application transformation

CICS Transaction Server, Version 3.1 includes enhancements that help you extend existing applications and develop new applications, using contemporary programming languages, constructs and tools.