What are the minimum configuration requirements needed for XCOM to act as a client or server for AT-TLS secured transfers?
Release : 12.0
Component : XCOM Data Transport for z/OS
Summary of requirements, depending on how you intend to use XCOM with AT-TLS:
1. If you intend to only use XCOM as a client with AT-TLS, then you don't need to configure XCOM for IBM System SSL. You do need to have the IBM System SSL certificates in a keyring or .kdb database and then have the AT-TLS rule reference the location of the certificates.
2. If you intend to use XCOM as a server with AT-TLS, then you need to make sure that the AT-TLS= and AT-TLS_PORTS= parameters are specified in the XCOM config member. Proper AT-TLS rules must be defined as well.
3. If you intend to use XCOM as both a client and server, with AT-TLS, non-SSL, and SSL, then you need to configure each of the XCOM parameters. This means the AT-TLS, AT-TLS_PORTS, SSL_VERSION, XCOM_CONFIG_SSL, etc. parameters in the XCOM config member will require proper values, in addition to having valid IBM System SSL certificates and the proper AT-TLS rules.
XCOM Data Transport supports the IBM z/OS Communications Server TTLS feature as an AT-TLS aware application.
Using queries, XCOM Data Transport is aware of AT-TLS encrypted TCP/IP connection details, but does not control that encryption in any way.
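Because XCOM only queries the connection and does not control the encryption, the TLS settings (handshake role, key ring, protocol versions) come from the AT-TLS rules in the z/OS Policy Agent configuration. The following is an added illustration, not taken from the original article or from any Broadcom or IBM sample, of one server-side and one client-side rule; the rule and action names, port 8046, job name XCOM* and key ring name XCOMRING are placeholders to replace with your own values.

```conf
# Constructed example. All names, the port, the job name and the key ring
# are placeholders. Use the port your XCOM server listens on for AT-TLS.

# Server side: inbound connections to the local XCOM AT-TLS port.
TTLSRule XCOMServerRule
{
  LocalPortRange                   8046
  Jobname                          XCOM*
  Direction                        Inbound
  TTLSGroupActionRef               XCOMGroup
  TTLSEnvironmentActionRef         XCOMServerEnv
}
# Client side: outbound connections from XCOM to the partner's AT-TLS port.
TTLSRule XCOMClientRule
{
  RemotePortRange                  8046
  Jobname                          XCOM*
  Direction                        Outbound
  TTLSGroupActionRef               XCOMGroup
  TTLSEnvironmentActionRef         XCOMClientEnv
}
TTLSGroupAction XCOMGroup
{
  TTLSEnabled                      On
}
TTLSEnvironmentAction XCOMServerEnv
{
  HandshakeRole                    Server
  TTLSKeyringParmsRef              XCOMKeyring
  TTLSEnvironmentAdvancedParmsRef  XCOMProtocols
}
TTLSEnvironmentAction XCOMClientEnv
{
  HandshakeRole                    Client
  TTLSKeyringParmsRef              XCOMKeyring
  TTLSEnvironmentAdvancedParmsRef  XCOMProtocols
}
# SAF key ring holding the certificates (placeholder name).
TTLSKeyringParms XCOMKeyring
{
  Keyring                          XCOMRING
}
# Disable legacy protocol versions; allow TLS 1.2.
TTLSEnvironmentAdvancedParms XCOMProtocols
{
  SSLv3                            Off
  TLSv1                            Off
  TLSv1.1                          Off
  TLSv1.2                          On
}
```

Scoping each rule by Jobname and port keeps the policy from applying TLS to unrelated traffic on the stack.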
Ensure that PTF SO15002 ("ENHANCEMENT: SUPPORT AT-TLS ENCRYPTED NETWORK CONNECTIONS") has been applied to take advantage of the feature.
The later level set PTF LU04743 for 12.0.01 (GEN LEVEL 2202), published in February 2022, includes the AT-TLS support.