SYSconfigSSL Questions - Configuring CA XCOM for z/OS 12.0 for TLS v1.2
search cancel

SYSconfigSSL Questions - Configuring CA XCOM for z/OS 12.0 for TLS v1.2

book

Article ID: 72356

calendar_today

Updated On:

Products

XCOM Data Transport XCOM Data Transport - z/OS

Issue/Introduction

Currently we are allowing TLS 1.0, TLS 1.1, and TLS 1.2 ciphers across the secure port we use for XCOM. We have updated the SYSconfigSSL file to only allow TLS ciphers, but now we would like to allow only TLS v1.2 ciphers. In going through the guides for CA XCOM for z/OS 12.0, we can't seem to figure out the syntax to allow only TLS v1.2 ciphers, or if that is even possible.

Environment

Release: CA XCOM Data Transport for z/OS 12.0
Component: XCMVS

Resolution

You configure TLS v1.2. for XCOM by specifying only TLS v1.2 ciphers. The configuration does not change otherwise. There is no TLSV 1.2 parameter setting. We cannot really recommend specific ciphers as that should be made by your security team. Today's recommended ciphers could be outdated at any point. The final decision should be made by your security people.

Additional Information

Information on the IBM website: Table 1. Supported Cipher Specifications for TLS and SSL Protocols
Powered by Wolken Software