XCOM OpenSSL Keyring XCOMM0780E ... IRRSDL00 ... RACF_RSN=48


Article ID: 218114


Products

XCOM Data Transport - z/OS
XCOM Data Transport - Linux PC
XCOM Data Transport
XCOM Data Transport - Windows

Issue/Introduction

We are setting up an XCOM transfer using OpenSSL Keyring authorization between our two LPARs. Non-SSL (port 8044) and SSL (port 8045) transfers tested OK, but trying to use the Keyring method always failed:

XCOMM0780E Txpi  319: IRRSDL00 USERID=<userid> KEYRING=<ring name> SAF_RC=8 RACF_RC=8 RACF_RSN=48     
XCOMM0093E 172.17.32.1     #002000 C201725X    ERROR ACTIVATING SESSION - SESSION NOT ESTABLISHED    

Environment

Release : 12.0

Component : XCOM Data Transport for z/OS

Resolution

The 8/8/48 return (SAF_RC=8, RACF_RC=8, RACF_RSN=48) for a "read first" or "read next" call indicates that the buffer used for the read is not large enough to contain the returned certificate.

XCOM's R_DATALIB calling module was written 16 years ago. Certificates and keys were smaller at that time. Unfortunately, there is no parameter that can be used to enlarge those buffers.

That said, it seems that the only way forward is to use AT-TLS or System SSL instead of OpenSSL. This is particularly true since OpenSSL was deprecated in XCOM years ago: it is no longer being updated, and no new fixes are being written for it.

One additional point about OpenSSL and XCOM for z/OS: the level of OpenSSL hasn't been updated since it was deprecated. As such, it is significantly back-level and has several known vulnerabilities.

AT-TLS is the preferred encryption method, but System SSL is still valid and supported.
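
To find which user ID and keyring pairs hit this condition before planning the move to AT-TLS or System SSL, the XCOM log can be scanned for XCOMM0780E messages carrying 8/8/48. The script below is an added example, not Broadcom code; it assumes the message layout quoted above, and the user IDs, ring names and the 8/8/84 line in the sample are constructed.

```python
import re
from collections import Counter

# Layout taken from the XCOMM0780E message quoted in this article.
# KEYRING is matched lazily up to SAF_RC= so ring names with blanks survive.
XCOMM0780E = re.compile(
    r"XCOMM0780E\s+.*?IRRSDL00\s+"
    r"USERID=(?P<userid>\S+)\s+KEYRING=(?P<keyring>.+?)\s+"
    r"SAF_RC=(?P<saf>\d+)\s+RACF_RC=(?P<racf>\d+)\s+RACF_RSN=(?P<rsn>\d+)"
)

# The only return-code combination this article explains.
BUFFER_TOO_SMALL = (8, 8, 48)

def parse_line(line):
    """Return a dict for an XCOMM0780E line, or None for anything else."""
    m = XCOMM0780E.search(line)
    if m is None:
        return None
    codes = (int(m["saf"]), int(m["racf"]), int(m["rsn"]))
    return {
        "userid": m["userid"],
        "keyring": m["keyring"],
        "codes": codes,
        "buffer_too_small": codes == BUFFER_TOO_SMALL,
    }

def affected_keyrings(lines):
    """Count 8/8/48 failures per (userid, keyring) pair."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["buffer_too_small"]:
            hits[(rec["userid"], rec["keyring"])] += 1
    return hits

# Constructed sample log lines (user IDs and ring names are made up).
SAMPLE_LOG = [
    "XCOMM0780E Txpi  319: IRRSDL00 USERID=XCOMSTC KEYRING=XCOMRING SAF_RC=8 RACF_RC=8 RACF_RSN=48",
    "XCOMM0093E 172.17.32.1     #002000 C201725X    ERROR ACTIVATING SESSION - SESSION NOT ESTABLISHED",
    "XCOMM0780E Txpi  320: IRRSDL00 USERID=XCOMSTC KEYRING=XCOMRING SAF_RC=8 RACF_RC=8 RACF_RSN=48",
    "XCOMM0780E Txpi  321: IRRSDL00 USERID=XCOMTST KEYRING=TEST RING SAF_RC=8 RACF_RC=8 RACF_RSN=48",
    "XCOMM0780E Txpi  322: IRRSDL00 USERID=XCOMTST KEYRING=OTHER SAF_RC=8 RACF_RC=8 RACF_RSN=84",
]

if __name__ == "__main__":
    for (userid, keyring), count in affected_keyrings(SAMPLE_LOG).items():
        print(f"{userid} / {keyring}: {count} read(s) failed with 8/8/48")
```

Lines with any other return-code combination are parsed but not counted, since this article only covers 8/8/48.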