attempted to use MSM to download maintenance produced the following message:

Unable to perform the requested action.
  Additional Diagnostic Data:
    Error encountered while accessing:
    https://supportservices.ca.com/support/
    CA CSM cannot connect to CA Support Online via HTTPS. Check your internet connection settings on the Software 
      Acquisition page, on the Settings tab.

Exception Details
=================
com.ca.mf20.SAM.SupportOnlineAccessException: Unable to perform the requested action.
  Attached Diagnostic Text:
Error encountered while accessing:
https://supportservices.ca.com/support/
CA CSM cannot connect to CA Support Online via HTTPS. Check your internet connection settings on the Software Acquisition page, on the Settings tab.

further down in the details:
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

This worked before and nothing was changed on customer side.

Release : 6.0 and 6.1

Component : MSM PRODUCT ACQUISITION SERVICE

In your SAMPLIB(MSMLIB) member that is assigned to the STDENV DD in MSMTC include

IJO="$IJO -Dcom.ibm.jsse2.overrideDefaultTLS=true"
IJO="$IJO -Dsecurity.protocols=TLSv1.2"

It is case sensitive.
These parms should be added after
000066 # Configure JVM options
000067 # Note that Tomcat requires default ASCII file.encoding
000068 IJO="-Xms128m -Xmx768m -Xss768m"
(memory numbers can vary in your environment)

Recycle MSMTC and test if the  peer not authenticated still occurs.
HTTPS TEST connection button would be sufficient for testing - /Settings/System Settings/Software Acquisition

It was also seen when running earlier JAVA 7 versions like
java version "1.7.0"
 Java(TM) SE Runtime Environment (build pmz6470_27sr3fp20-20151119_01 (SR3 FP20))
that an upgrade to current JAVA 8 version is required to take advantage of above parameters.

Changing JAVA version for CSM is documented here: 
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/traditional-management/ca-chorus-software-manager/6-1/administrating/reassign-the-java-home-directory.html

If running still into problems, add debugging as follows in .samplib(msmlib) member after above parms:
IJO="$IJO -Djavax.net.debug=ssl:handshake:verbose"

This trace shows:
 http-bio-9902-exec-10, WRITE: TLSv1 Handshake, length = 133                                                                         
 http-bio-9902-exec-10, READ: TLSv1 Alert, length = 2                                                                                
 http-bio-9902-exec-10, RECV TLSv1.2 ALERT:  fatal, handshake_failure                                                                
 http-bio-9902-exec-10, called closeSocket()                                                                                         
 http-bio-9902-exec-10, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure             
 http-bio-9902-exec-10, IOException in getSession():  javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure