Implement IBM System SSL in XCOM r12 and retain SSL v3
search cancel

Implement IBM System SSL in XCOM r12 and retain SSL v3

book

Article ID: 12317

calendar_today

Updated On:

Products

XCOM Data Transport XCOM Data Transport - Windows XCOM Data Transport - Linux PC XCOM Data Transport - z/OS

Issue/Introduction

Needing to support TLS 1.2 with XCOM r12 for z/OS and that requires implementing IBM's System SSL. Will implementing IBM's System SSL be compatible with the other XCOM platforms that still use OpenSSL v3?

Environment

CA XCOM Data Transport for z/OS

Resolution

Implementing IBM's System SSL with XCOM r12 for z/OS is compatible with other XCOM r11.x platforms that use OpenSSL v3 for its transfers.
In the SYSconfigssl.cnf file, IBM System SSL can support SSLv3 by setting SSL_METHOD values for INITIATE_SIDE and RECEIVE_SIDE to ALL which is the current default value. Using ALL enables all protocols supported by the System SSL (includes SSLv3) and the one to be used is then negotiated.
Alternatively to just support SSLv3 the SSL_METHOD values for INITIATE_SIDE and RECEIVE_SIDE can be set specifically to SSLv3.

Additional Information