Peter wrote: >After implementing ATTLS there is some delay in our CICS transaction but I >was suspecting if sn absence of crypto processor can overload the general >processor to cause this delay ?
Define "some delay". Adding AT-TLS means that a TLS handshake is being added to the communication. That isn't instantaneous, and means some additional network back-and-forth. I'd strongly suspect that it's more just network latency added by that than the cost of the encryption itself. As for CPACF, this tiny Rexx program will tell you if it's enabled. It does require that CSF (ICSF) be running/have run since IPL. It tests a bit CSF sets after *it* verifies the existence of CPACF by trying the instructions. /* REXX */ if bitand(storage(d2x(x2d(c2x(storage(d2x(x2d(c2x(, storage(d2x(x2d(c2x(storage(10,4)))+x2d(C8)),4)))+, x2d(B8)), 4)))+x2d(11A)), 1), '08'x) <> '00'x then say 'CPACF is enabled' else say 'CPACF is not enabled' /* tests CCVT_KMC_AES256 (x'08', "KMC AES 256 key enabled") on flag CCVT_KMC_EXPORT3 (offset 11A) in CSFCCVT, pointed to by CVTABEND (offset x'B8') into CVT (X'10' in page 0) */ If by some chance CPACF is NOT enabled, it's a free feature on all current IBM hardware, so get it turned on! Do make sure that anything you enable AT-TLS for both can handle TLS at the other end AND is not already doing TLS. We've had several incidents where people turned on AT-TLS "because it's good" and our product was already doing TLS. The double encryption does not work out well--specifically, it results in strange connection failures because "inner" level of negotiation works, but then instead of seeing a request, it sees another TLS negotiation start, which it doesn't understand since it's not looking for one. It doesn't sound like this is your issue--if it were, you'd be having failures, not delays!--but it's important to understand and I'll keep repeating it because it seems to be a common error. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN