What version of CA XCOM on Linux or UNIX is compatible with z/OS System SSL

book

Article ID: 196042

calendar_today

Updated On:

Products

CA XCOM Data Transport CA XCOM Data Transport - Linux PC CA XCOM Data Transport - Windows CA XCOM Data Transport - z/OS XCOM - SUPPORT

Issue/Introduction

What version of CA XCOM on the distributed systems is compatible with XCOM for z/OS using IBM System SSL?

 

Environment

XCOM r12.0 for z/OS

XCOM r11.6 for Linux

XCOM r11.6 for Unix

Resolution

The following CA XCOM Data Transport platforms have support for TLS v1.1 and 1.2.
 
* CA XCOM Data Transport for Windows 11.6 SP02 or above
* CA XCOM Data Transport for Linux/Unix 11.6 SP01
* CA XCOM Data Transport for AS/400 i5/OS 11.0 SP01  
* CA XCOM Data Transport for HP NonStop XEON 11.1

* CA XCOM Data Transport for z/OS
 

Platforms such as currently do not, but they still do support non-TLS connections to IBM's SystemSSL:
 
* CA XCOM Data Transport for HP NonStop IA64 11.0 SP00
 

 
TLS v1.1 and TLS v1.2 Support:    (From XCOM for Windows, for example.  Scroll down from this URL)
 
This release adds support for Transport Layer Security (TLS) v1.1 and v1.2. Based on the security requirements, you can
enable these protocols for Secure Socket transfers. The following TLS/SSL methods are supported in configssl.cnf:ssl.cnf:
 
ALL
                • Supports TLSv1.2, TLSv1.1, TLSv1.0 and SSLv3 protocols
                • Maintains backward compatibility
TLSv1.2
                • Supports TLSv1.2 protocol
                • This option is new for this release
TLSv1.1
                • Supports TLSv1.1 protocol
                • This option is new for this release
TLSv1 or TLS
                • Supports TLSv1.0 protocol
V3
                • Supports SSLv3 protocol
 
For more details about these protocols, see Cryptographic Protocols.
The default TLS/SSL methods are set to ALL. As a result, the CA XCOM Data Transport for UNIX/Linux transfer selects
the newest protocol supported by the partner CA XCOM.
 
In the following example, the transfer runs over TLSv1.2. If the partner does not support TLSv1.2, then the implementation
falls back to the next best version that the partner supports.
 
[SSL_METHOD]
INITIATE_SIDE = ALL
RECEIVE_SIDE = ALL
 
When a TLS or SSL connection is established, the client and server negotiate a cipher suite, exchanging cipher suite
codes in the client hello and server hello messages. The cipher suite specifies a combination of cryptographic algorithms
to be used for the connection. For more details, see Supported Cipher Suites.