What version of XCOM on Linux/UNIX is compatible with z/OS System SSL

book

Article ID: 196042

calendar_today

Updated On:

Products

CA XCOM Data Transport CA XCOM Data Transport - Linux PC CA XCOM Data Transport - Windows CA XCOM Data Transport - z/OS XCOM - SUPPORT

Issue/Introduction

What version of CA XCOM on the distributed systems is compatible with XCOM for z/OS using IBM System SSL?

 

Environment

XCOM r12.0 for z/OS

XCOM r11.6 for Linux

XCOM r11.6 for Unix

Resolution

The following CA XCOM Data Transport platforms have support for TLS v1.1 and 1.2.

  • CA XCOM Data Transport for Windows 11.6 SP02 or above
  • CA XCOM Data Transport for Linux/Unix 11.6 SP01 or above
  • CA XCOM Data Transport for AS/400 i5/OS 11.0 SP01 or above  
  • CA XCOM Data Transport for HP NonStop XEON 11.1 or above
  • CA XCOM Data Transport for z/OS
     

Platforms that do not currently support those versions of TLS, still do support non-TLS connections to IBM's SystemSSL. such as

  • CA XCOM Data Transport for HP NonStop IA64 11.0 SP00
     
     

Additional Information

From XCOM for Windows online documentation, TLS v1.1 and TLS v1.2 Support:    

This release adds support for Transport Layer Security (TLS) v1.1 and v1.2. Based on the security requirements, you can enable these protocols for Secure Socket transfers. The following TLS/SSL methods are supported in configssl.cnf:ssl.cnf:
 
ALL
                • Supports TLSv1.2, TLSv1.1, TLSv1.0 and SSLv3 protocols
                • Maintains backward compatibility
TLSv1.2
                • Supports TLSv1.2 protocol
                • This option is new for this release
TLSv1.1
                • Supports TLSv1.1 protocol
                • This option is new for this release
TLSv1 or TLS
                • Supports TLSv1.0 protocol
V3
                • Supports SSLv3 protocol
 
For more details about these protocols, see Cryptographic Protocols.
The default TLS/SSL methods are set to ALL. As a result, the CA XCOM Data Transport for UNIX/Linux transfer selects the newest protocol supported by the partner CA XCOM.
 
In the following example, the transfer runs over TLSv1.2. If the partner does not support TLSv1.2, then the implementation falls back to the next best version that the partner supports.
 
[SSL_METHOD]
INITIATE_SIDE = ALL
RECEIVE_SIDE = ALL
 
When a TLS or SSL connection is established, the client and server negotiate a cipher suite, exchanging cipher suite codes in the client hello and server hello messages. The cipher suite specifies a combination of cryptographic algorithms to be used for the connection. For more details, see Cipher Suite Support.