What cryptographic protocols are used by XCOM 12.0 for Z/OS when performing SSL transfers?
It depends on the cryptographic software used for the encryption, and is also influenced by the specification of SSL_METHOD parameter.
The cryptographic software is determined by default parameter SSL_VERSION (which is normally specified in the TYPE=CONFIG defaults member). SSL_METHOD parameter is specified in the SSL configuration file in use for the transfer (which in turn is set by default parameter XCOM_CONFIG_SSL)
With SSL_VERSION=SYSTEM, XCOM uses IBM's SystemSSL and the protocols available are:
- TLSV1, TLSV1.1 and TLSV1.2 are enabled in all cases
- SSLV3 is optionally enabled by setting SSL_METHOD=ALL. It is disabled otherwise.
With SSL_VERSION=OPEN, XCOM uses open-source software OpenSSL, and the protocols available are:
- With SSL_METHOD=V3, only SSLV3
- With SSL_METHOD=TLS, only TLSV1
- With SSL_METHOD=ALL, both SSLV3 and TLSV1
IBM's System SSL was introduced in XCOM r12.0. The OpenSSL collection of encryption protocols is deprecated and replaced by IBM's System SSL. Please refer to our CA XCOM r12.0 Release guide.