XCOMM0775E SSL_VERSION=OPEN is no longer supported
Article ID: 272071
Updated On:
Products
Issue/Introduction
After applying the latest XCOM for z/OS 12.0 maintenance, when starting the XCOM STC the XCOMLOG shows this message a few times:
XCOMM0775E SSL_VERSION=OPEN is no longer supported: switching to SSL_VERSION=SYSTEM
*****
1 J E S 2 J O B L O G -- S Y S T E M S Y S 1 -- N O D E N O 1
0
10.12.51 S0053272 ---- MONDAY, 21 AUG 2023 ----
10.12.51 S0053272 IEF695I START XCOM WITH JOBNAME XCOM IS ASSIGNED TO USER XCOM , GROUP #STC
10.12.51 S0053272 $HASP373 XCOM STARTED
10.12.51 S0053272 IEF403I XCOM - STARTED - TIME=10.12.51
10.12.51 S0053272 XCOMM0775E SSL_VERSION=OPEN is no longer supported: switching to SSL_VERSION=SYSTEM
...
10.12.52 S0053272 XCOMM0056I XCOM(tm) 12.0.01 (GEN LEVEL 2202) IS UP AND ACCEPTING LOGONS
...
IEF237I JES2 ALLOCATED TO XCOMLOG
XCOMM0775E SSL_VERSION=OPEN is no longer supported: switching to SSL_VERSION=SYSTEM
...
XCOMM0141I AXC0400 REQ#=002000 ID=IVPXCOMS RECEIVE REQUEST INITIATED BY CONVERSATION PARTNER
XCOMM0147I AXC0400 REQ#=002000 ID=IVPXCOMS ..................1 RECORDS RECEIVED - FILE=ABCD.XCOM.IVP.REMOTE
XCOMM0168E AXC0400 SCIP UNBIND TYPE 01 00000000 RECEIVED
IGD104I ABCD.XCOM.IVP.REMOTE RETAINED, DDNAME=SYS00001
XCOMM0151I AXC0400 SESSION ENDED CID=7800000F
1 CA XCOM(tm) Data Transport(r) v12.0 for z/OS M E S S A G E D A T A S E T
23233 10:12:51.7 XCOMM0686I ---------------- MONDAY, 21 AUG 2023 ----------------
23233 10:12:51.7 XCOMM0775E SSL_VERSION=OPEN is no longer supported: switching to SSL_VERSION=SYSTEM
23233 10:12:51.7 XCOMM0990I Configured Settings:
23233 10:12:51.7 XCOMM0992I (Values from CONFIG unless noted as follows)
23233 10:12:51.7 XCOMM0993I * - Defaulted Value
23233 10:12:51.7 XCOMM0994I + - EXEC PARM Override
23233 10:12:51.7 XCOMM0995I # - Changed by DFLT Command
...
23233 10:12:51.7 XCOMM0991I SSL_VERSION = SYSTEM
...
*****
Environment
- XCOM™ Data Transport® for z/OS
- IBM System SSL
- OpenSSL
Cause
The message "XCOMM0775E SSL_VERSION=OPEN is no longer supported: switching to SSL_VERSION=SYSTEM" is related to the deprecated support for OpenSSL announced under version 12.0 GA being replaced by IBM System SSL. See: XCOM™ Data Transport® for z/OS 12.0 > Release Notes- > Obsolete Features
Also with the latest 12.0 maintenance applied, SSL_VERSION=SYSTEM is now being enforced and OpenSSL can no longer be used.
Resolution
In summary, going forward only IBM System SSL and AT-TLS can be used for XCOM secure/SSL transfers.
If XCOM SSL transfers are being used then they need to be reconfigured to use IBM System SSL or AT-TLS.
IBM System SSL only provides TLS support up to version 1.2.
IBM AT-TLS currently provides 1.3 support and will be upgraded as new TLS versions are released.
Additional Information
The XCOMM0775E message should only appear in the log if SSL_VERSION=OPEN has been explicitly coded in the CONFIG member. If SSL_VERSION is omitted from the CONFIG member, the setting will default to SSL_VERSION=SYSTEM and no message will be written to the log.
If the CONFIG member contains both parameters SSL_VERSION=OPEN and SSL=NONE, the message will still be written to the log. However, SSL=NONE effectively disables the use of SSL transfers for the XCOM installation which cannot be overridden at transfer time, so the XCOMM0775E message can be ignored.
Related article to help convert from OpenSSL to IBM System SSL: Converting XCOM OpenSSL configuration files to System SSL
XCOM™ Data Transport® for z/OS 12.0 > Administrating > XCOM Security Considerations > Data Encryption Using SSL/TLS
XCOM™ Data Transport® for z/OS 12.0 > Installing > Complete Configuration Tasks > Implement SSL/TLS
XCOM™ Data Transport® for z/OS 12.0 > Getting Started > Features > AT-TLS Support
Feedback
