What are the minimum requirements needed for XCOM as a client for AT-TLS secured transfers?

Release : 12.0

Component : XCOM Data Transport for z/OS

Summarization of requirements depending on how you intend to use XCOM with AT-TLS:

1. If you intend to only use XCOM as a client with AT-TLS, then you don't need to configure XCOM for IBM System SSL. You do need to have the IBM System SSL certificates in a keyring or .kdb database and then have the AT-TLS rule reference the location of the certificates.

2. If you intend to use XCOM as a server with AT-TLS, then you need to make sure to have parameters AT-TLS= and AT-TLS_PORTS= specified in the XCOM config member. Proper AT-TLS rules must be defined as well.

3. If you intend to use XCOM as a client, server, with AT-TLS, non SSL, and SSL, then you need to configure each of the XCOM parameters. Meaning the AT-TLS, AT-TLS_PORTS, SSL_VERSION, XCOM_CONFIG_SSL, etc  parameters in the XCOM config member will require proper values. In addition to having valid IBM System SSL certificates and the proper AT-TLS rules.

XCOM Data Transport supports the IBM z/OS Communications Server TTLS feature as an AT-TLS aware application. Using queries, XCOM Data Transport is aware of AT-TLS encrypted TCP/IP connection details, but does not control that encryption in any way. Make sure to have applied fix SO15002 to take advantage of the feature.