Method is Invalid when migrating XCOM transfers from SSLv3 to TLSv1.2

book

Article ID: 223195

calendar_today

Updated On:

Products

CA XCOM Data Transport - z/OS

Issue/Introduction

We are migrating the outgoing secure XCOM transfers to an external server currently using SSLV3 to TLS (other end has TLSV1.2). After updating the XCOM SSL configuration file with TLSv1.2, there is an error stating that the method is invalid.


Change done to implement TLSv1.2

SSL_METHOD
INITIATE_SIDE= TLSv1.2
RECEIVE_SIDE = TLSV1.2

 

Cause

OpenSSL for XCOM r12.0 is deprecated and does not support TLS 1.2.

Environment

Release : 12.0

Component :

Resolution

In order to support TLS 1.2 with XCOM r12.0 for z/OS and its partner systems, you will need to configure XCOM r12.0 for z/OS to use IBM System SSL instead of OpenSSL. 

Additional Information

Please review the XCOM r12 manuals for details. Make sure to review the values of CONFIG parameters SSL_VERSION= and XCOM_CONFIG_SSL, in addition to modifying the SYSconfigSSL.cnf file in order to use IBM System SSL.

Note: SSL methods v3, and TLS 1.0, 1.1 are also supported when configuring XCOM r12.0 to use IBM System SSL. We always recommend that the latest SSL method be used for secured transfers.