Cryptographic protocols available for SSL transfers in CA-XCOM 12.0 for Z/OS
search cancel

Cryptographic protocols available for SSL transfers in CA-XCOM 12.0 for Z/OS

book

Article ID: 31299

calendar_today

Updated On:

Products

XCOM Data Transport XCOM Data Transport - z/OS

Issue/Introduction

What cryptographic protocols are used by XCOM 12.0 for Z/OS when performing SSL transfers?

Environment

Release: 12.0
Component: XCMVS

Resolution

It depends on the cryptographic software used for the encryption, and is also influenced by the specification of SSL_METHOD parameter.

The cryptographic software is determined by default parameter SSL_VERSION (which is normally specified in the TYPE=CONFIG defaults member). SSL_METHOD parameter is specified in the SSL configuration file in use for the transfer (which in turn is set by default parameter XCOM_CONFIG_SSL)

With SSL_VERSION=SYSTEM, XCOM uses IBM's System SSL and the protocols available are:

- TLSV1, TLSV1.1 and TLSV1.2 are enabled in all cases

- SSLV3 is optionally enabled by setting SSL_METHOD=ALL. It is disabled otherwise.

With SSL_VERSION=OPEN, XCOM uses open-source software OpenSSL, and the protocols available are:

- With SSL_METHOD=V3, only SSLV3

- With SSL_METHOD=TLS, only TLSV1

- With SSL_METHOD=ALL, both SSLV3 and TLSV1

Additional Information

IBM's System SSL was introduced in XCOM r12.0. The OpenSSL collection of encryption protocols is deprecated and replaced by IBM's System SSL. Please refer to our CA XCOM r12.0 Documentation.