SYSconfigSSL Questions - Configuring CA XCOM for z/OS 12.0 for TLS v1.2
Article ID: 72356
Products
XCOM Data Transport
XCOM Data Transport - z/OS
Issue/Introduction
Currently we are allowing TLS 1.0, TLS 1.1, and TLS 1.2 ciphers across the secure port we use for XCOM. We have updated the SYSconfigSSL file to only allow TLS ciphers, but now we would like to allow only TLS v1.2 ciphers. In going through the guides for CA XCOM for z/OS 12.0, we can't seem to figure out the syntax to allow only TLS v1.2 ciphers, or if that is even possible.
Environment
Release: CA XCOM Data Transport for z/OS 12.0
Component: XCMVS
Resolution
You configure TLS v1.2 for XCOM by specifying only TLS v1.2 ciphers. The configuration does not otherwise change. There is no TLS v1.2 parameter setting. We cannot recommend specific ciphers, because today's recommended ciphers could be outdated at any point. That decision should be made by your security team.
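One way to check a candidate cipher list before it goes into SYSconfigSSL, as an added example that is not part of the original article. It assumes the cipher value is an OpenSSL-format cipher string and that the local Python is linked against OpenSSL; the function name and the sample strings are constructed here.

```python
import ssl


def pre_tls12_ciphers(cipher_string):
    """Return the ciphers in cipher_string that a TLS 1.0/1.1 client could negotiate.

    An empty result means every cipher the string expands to requires TLS 1.2,
    so older handshakes fail for lack of a shared cipher.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Raises ssl.SSLError if the string selects no cipher at all.
    ctx.set_ciphers(cipher_string)

    flagged = []
    for cipher in ctx.get_ciphers():
        # OpenSSL reports the minimum protocol of each cipher, for example
        # "SSLv3", "TLSv1.0" or "TLSv1.2".
        if cipher["protocol"] == "TLSv1.3":
            # Newer OpenSSL builds always list TLS 1.3 suites; they are not
            # controlled by the cipher string, so they are skipped here.
            continue
        if cipher["protocol"] != "TLSv1.2":
            flagged.append(cipher["name"])
    return flagged


if __name__ == "__main__":
    # Constructed sample strings, not recommendations.
    candidates = (
        "ECDHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384",
        "ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA",
    )
    for candidate in candidates:
        old = pre_tls12_ciphers(candidate)
        verdict = "TLS 1.2 only" if not old else "also usable below TLS 1.2: " + ", ".join(old)
        print(candidate, "->", verdict)
```

The result reflects the OpenSSL build on the machine where the check runs, which may differ from the one XCOM uses, so confirm the outcome against the XCOM secure port after the change.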