Gen EDGE

Upgrading soon from V8.5 to V8.6 and there is a requirement that communications between clients and servers should be encrypted.

I've read the sections in the release document about encryption and secure connections.

For a secure connection using Client Manager (Windows) to CICS using the encryption available with the latest release of V8.6, do you need to regen the windows clients and/or the CICS server managers? Or, is it just changes in Client Manager setup and SSL on the CICS side?

Hello Don,
The SSL enhancement needed for Client Manager (CM) to z/OS CICS Socket or Multi-Socket Listener are Client Manager related only and you do not need to regenerate any parts of the application.
The CM SSL enhancement was first released in PTF CCN86103 and is is now in Gen 8.6 Complete PTF WKS86200.
I don't believe any PTF was required for the CICS side and you just need to setup SSL there. 
I will add some links below that you may have already read:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/release-notes/ca-gen-8_6-ga.html ("Establishing Secure Connection between Client Manager and CICS Server")
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/middleware/working-with-the-client-manager/security-in-client-manager.html
http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/middleware/working-with-the-client-manager/configuring-client-manager-server-connections/tcp-ip-socket-connections.html

Hope that helps

Regards,

Lynn

------------------------------
Lynn Williams
Senior Principal Support Engineer
Broadcom
Australia
------------------------------

Original Message:
Sent: 03-19-2020 02:59 PM
From: Don Phillips
Subject: Encrypted secure connection for V8.6 upgrade

Upgrading soon from V8.5 to V8.6 and there is a requirement that communications between clients and servers should be encrypted.

I've read the sections in the release document about encryption and secure connections.

For a secure connection using Client Manager (Windows) to CICS using the encryption available with the latest release of V8.6, do you need to regen the windows clients and/or the CICS server managers? Or, is it just changes in Client Manager setup and SSL on the CICS side?

.... Gen Engineering just confirmed to me that on z/OS side you just need to define SSL secure Port(s) in TCP/IP and provide the Certificate(s). No PTFs or any configuration changes are needed for the Gen Sockets listener or application servers.

------------------------------
Lynn Williams
Senior Principal Support Engineer
Broadcom
Australia
------------------------------

Original Message:
Sent: 03-19-2020 05:31 PM
From: Lynn Williams
Subject: Encrypted secure connection for V8.6 upgrade

Hello Don,
The SSL enhancement needed for Client Manager (CM) to z/OS CICS Socket or Multi-Socket Listener are Client Manager related only and you do not need to regenerate any parts of the application.
The CM SSL enhancement was first released in PTF CCN86103 and is is now in Gen 8.6 Complete PTF WKS86200.
I don't believe any PTF was required for the CICS side and you just need to setup SSL there.
I will add some links below that you may have already read:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/release-notes/ca-gen-8_6-ga.html ("Establishing Secure Connection between Client Manager and CICS Server")
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/middleware/working-with-the-client-manager/security-in-client-manager.html
http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/middleware/working-with-the-client-manager/configuring-client-manager-server-connections/tcp-ip-socket-connections.html

Hope that helps

Regards,

Lynn

------------------------------
Lynn Williams
Senior Principal Support Engineer
Broadcom
Australia

Original Message:
Sent: 03-19-2020 02:59 PM
From: Don Phillips
Subject: Encrypted secure connection for V8.6 upgrade

Upgrading soon from V8.5 to V8.6 and there is a requirement that communications between clients and servers should be encrypted.

I've read the sections in the release document about encryption and secure connections.

For a secure connection using Client Manager (Windows) to CICS using the encryption available with the latest release of V8.6, do you need to regen the windows clients and/or the CICS server managers? Or, is it just changes in Client Manager setup and SSL on the CICS side?

Just a point on the 8.5 -> 8.6 upgrade itself.
To put your applications on a fully supported release (Gen generated code and runtimes) beyond the recently announced Gen 8.5 End Of Support date of June 30, 2021 you would need to regenerate them for Gen 8.6 by that date. In the meantime to use 8.5 generated code with 8.6 runtimes:

a. For Windows clients you need to regenerate to be able to use 8.6 runtimes because the 8.5 runtime dlls contain versioning in the names. The versioning has actually been removed in the 8.6 Windows runtimes (https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/release-notes/ca-gen-8_6-ga/ca-gen-release-8-6.html#concept.dita_871a4313b78cbc9cc3642911b1858fca9be2da17_RemovedFeatures)

b. For z/OS CICS servers you can run 8.5 generated load modules with 8.6 runtimes:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/release-notes/general-considerations.html
http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/encyclopedia/host-encyclopedia/host-encyclopedia-construction/dlls-compatibility-and-application-migration-in-he.html

Hope that helps

------------------------------
Lynn Williams
Senior Principal Support Engineer
Broadcom
Australia
------------------------------

Original Message:
Sent: 03-19-2020 05:54 PM
From: Lynn Williams
Subject: Encrypted secure connection for V8.6 upgrade

.... Gen Engineering just confirmed to me that on z/OS side you just need to define SSL secure Port(s) in TCP/IP and provide the Certificate(s). No PTFs or any configuration changes are needed for the Gen Sockets listener or application servers.

------------------------------
Lynn Williams
Senior Principal Support Engineer
Broadcom
Australia

Original Message:
Sent: 03-19-2020 05:31 PM
From: Lynn Williams
Subject: Encrypted secure connection for V8.6 upgrade

Hello Don,
The SSL enhancement needed for Client Manager (CM) to z/OS CICS Socket or Multi-Socket Listener are Client Manager related only and you do not need to regenerate any parts of the application.
The CM SSL enhancement was first released in PTF CCN86103 and is is now in Gen 8.6 Complete PTF WKS86200.
I don't believe any PTF was required for the CICS side and you just need to setup SSL there.
I will add some links below that you may have already read:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/release-notes/ca-gen-8_6-ga.html ("Establishing Secure Connection between Client Manager and CICS Server")
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/middleware/working-with-the-client-manager/security-in-client-manager.html
http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/middleware/working-with-the-client-manager/configuring-client-manager-server-connections/tcp-ip-socket-connections.html

Hope that helps

Regards,

Lynn

------------------------------
Lynn Williams
Senior Principal Support Engineer
Broadcom
Australia

Original Message:
Sent: 03-19-2020 02:59 PM
From: Don Phillips
Subject: Encrypted secure connection for V8.6 upgrade

Upgrading soon from V8.5 to V8.6 and there is a requirement that communications between clients and servers should be encrypted.

I've read the sections in the release document about encryption and secure connections.

For a secure connection using Client Manager (Windows) to CICS using the encryption available with the latest release of V8.6, do you need to regen the windows clients and/or the CICS server managers? Or, is it just changes in Client Manager setup and SSL on the CICS side?