XCOM for z/OS secure/SSL transfer cryptographic protocols
search cancel

XCOM for z/OS secure/SSL transfer cryptographic protocols

book

Article ID: 31299

calendar_today

Updated On: 04-27-2025

Products

XCOM Data Transport XCOM Data Transport - z/OS

Issue/Introduction

What cryptographic protocols are used by XCOM 12.0 for z/OS when performing secure/SSL transfers?

Environment

XCOM™ Data Transport® for z/OS

Resolution

It depends on the cryptographic software used for the encryption, and is also influenced by the specification of SSL_METHOD parameter.

The cryptographic software is determined by default parameter SSL_VERSION (which is normally specified in the TYPE=CONFIG defaults member).
The SSL_METHOD parameter is specified in the SSL configuration file in use for the transfer (which in turn is set by default parameter XCOM_CONFIG_SSL)

  1. Using IBM System SSL (SSL_VERSION=SYSTEM) the protocols available are:
    • TLSv1, TLSv1.1 and TLSv1.2 are enabled in all cases
    • SSLv3 is optionally enabled by setting SSL_METHOD=ALL. It is disabled otherwise.

  2. Using open-source software OpenSSL (SSL_VERSION=OPEN), the protocols available are:
    • With SSL_METHOD=v3, only SSLv3
    • With SSL_METHOD=TLSv1, only TLSv1
    • With SSL_METHOD=TLSv1.1, only TLSv1.1
    • With SSL_METHOD=ALL, all protocols are available.

Additional Information

NOTE:
With later XCOM 12.0 maintenance, use of OpenSSL was initially deprecated and with LU07625 is now not supported: XCOM™ Data Transport® for z/OS 12.0 > Release Notes > Obsolete Features