Cryptographic protocols available for SSL transfers in CA-XCOM 12.0 for Z/OS

Document ID : KB000031299
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

What cryptographic protocols are used by XCOM 12.0 for Z/OS when performing SSL transfers?

Answer:

It depends on the cryptographic software used for the encryption, and is also influenced by the specification of SSL_METHOD parameter.

The cryptographic software is determined by default parameter SSL_VERSION (which is normally specified in the TYPE=CONFIG defaults member). SSL_METHOD parameter is specified in the SSL configuration file in use for the transfer (which in turn is set by default parameter XCOM_CONFIG_SSL)

With SSL_VERSION=SYSTEM, XCOM uses IBM's SystemSSL and the protocols available are:

- TLSV1, TLSV1.1 and TLSV1.2 are enabled in all cases

- SSLV3 is optionally enabled by setting SSL_METHOD=ALL. It is disabled otherwise.

With SSL_VERSION=OPEN, XCOM uses open-source software OpenSSL, and the protocols available are:

- With SSL_METHOD=V3, only SSLV3

- With SSL_METHOD=TLS, only TLSV1

- With SSL_METHOD=ALL, both SSLV3 and TLSV1

Additional information:

IBM's System SSL was introduced in XCOM r12.0. The OpenSSL collection of encryption protocols is deprecated and replaced by IBM's System SSL. Please refer to our CA XCOM r12.0 Release guide