XCOMM0775E SSL_VERSION=OPEN is no longer supported
search cancel

XCOMM0775E SSL_VERSION=OPEN is no longer supported

book

Article ID: 272071

calendar_today

Updated On:

Products

XCOM Data Transport - z/OS XCOM Data Transport

Issue/Introduction

After applying the latest XCOM for z/OS 12.0 maintenance, when starting the XCOM STC the XCOMLOG shows this message a few times:
XCOMM0775E SSL_VERSION=OPEN is no longer supported: switching to SSL_VERSION=SYSTEM

*****
1                        J E S 2  J O B  L O G  --  S Y S T E M  S Y S 1 --  N O D E  N O 1
0
 10.12.51 S0053272 ---- MONDAY,    21 AUG 2023 ----
 10.12.51 S0053272  IEF695I START XCOM     WITH JOBNAME XCOM     IS ASSIGNED TO USER XCOM    , GROUP #STC
 10.12.51 S0053272  $HASP373 XCOM     STARTED
 10.12.51 S0053272  IEF403I XCOM - STARTED - TIME=10.12.51
 10.12.51 S0053272  XCOMM0775E SSL_VERSION=OPEN is no longer supported: switching to SSL_VERSION=SYSTEM
...
 10.12.52 S0053272  XCOMM0056I XCOM(tm) 12.0.01  (GEN LEVEL 2202) IS UP AND ACCEPTING LOGONS
...
 IEF237I JES2 ALLOCATED TO XCOMLOG
 XCOMM0775E SSL_VERSION=OPEN is no longer supported: switching to SSL_VERSION=SYSTEM
...
 XCOMM0141I AXC0400  REQ#=002000 ID=IVPXCOMS    RECEIVE REQUEST INITIATED BY CONVERSATION PARTNER
 XCOMM0147I AXC0400  REQ#=002000 ID=IVPXCOMS    ..................1 RECORDS RECEIVED -  FILE=ABCD.XCOM.IVP.REMOTE
 XCOMM0168E AXC0400  SCIP UNBIND TYPE 01 00000000 RECEIVED
 IGD104I ABCD.XCOM.IVP.REMOTE                         RETAINED,  DDNAME=SYS00001
 XCOMM0151I AXC0400  SESSION ENDED   CID=7800000F
1   CA XCOM(tm) Data Transport(r) v12.0 for z/OS       M E S S A G E  D A T A  S E T

 23233 10:12:51.7                            XCOMM0686I ----------------  MONDAY,    21 AUG 2023  ----------------
 23233 10:12:51.7                            XCOMM0775E SSL_VERSION=OPEN is no longer supported: switching to SSL_VERSION=SYSTEM
 23233 10:12:51.7                            XCOMM0990I Configured Settings:
 23233 10:12:51.7                            XCOMM0992I (Values from CONFIG unless noted as follows)
 23233 10:12:51.7                            XCOMM0993I * - Defaulted Value
 23233 10:12:51.7                            XCOMM0994I + - EXEC PARM Override
 23233 10:12:51.7                            XCOMM0995I # - Changed by DFLT Command
 ...
 23233 10:12:51.7                            XCOMM0991I   SSL_VERSION         = SYSTEM
 ...

*****

Cause

The message "XCOMM0775E SSL_VERSION=OPEN is no longer supported: switching to SSL_VERSION=SYSTEM" is related to the deprecated support for OpenSSL announced under version 12.0 GA being replaced by IBM System SSL. See: XCOM™ Data Transport® for z/OS 12.0 > Release Notes- > Deprecated Features.
Also with the latest 12.0 maintenance applied, SSL_VERSION=SYSTEM is now being enforced and OpenSSL can no longer be used.

Resolution

In summary, going forward only IBM System SSL and AT-TLS can be used for XCOM secure/SSL transfers.
If XCOM SSL transfers are being used then they need to be reconfigured to use IBM System SSL or AT-TLS.
IBM System SSL only provides TLS support up to version 1.2.
IBM AT-TLS currently provides 1.3 support and will be upgraded as new TLS versions are released.

Additional Information

The XCOMM0775E message should only appear in the log if SSL_VERSION=OPEN has been explicitly coded in the CONFIG member. If SSL_VERSION is omitted from the CONFIG member, the setting will default to SSL_VERSION=SYSTEM and no message will be written to the log.
If the CONFIG member contains both parameters SSL_VERSION=OPEN and SSL=NONE, the message will still be written to the log. However, SSL=NONE effectively disables the use of SSL transfers for the XCOM installation which cannot be overridden at transfer time, so the XCOMM0775E message can be ignored.

Related article to help convert from OpenSSL to IBM System SSL: Converting XCOM OpenSSL configuration files to System SSL

XCOM™ Data Transport® for z/OS 12.0 > Administrating > XCOM Security Considerations > Data Encryption Using SSL/TLS
XCOM™ Data Transport® for z/OS 12.0 > Administrating > Implement System SSL
XCOM™ Data Transport® for z/OS 12.0 > Overview > Features > AT-TLS Support