SYSconfigSSL Questions - Configuring CA XCOM for z/OS 12.0 for TLS v1.2

Document ID : KB000072356
Last Modified Date : 28/02/2018
Show Technical Document Details
Currently we are allowing TLS 1.0, TLS 1.1, and TLS 1.2 ciphers across the secure port we use for XCOM. We have updated the SYSconfigSSL file to only allow TLS ciphers, but now we would like to allow only TLS v1.2 ciphers. In going through the guides for CA XCOM for z/OS 12.0, we can't seem to figure out the syntax to allow only TLS v1.2 ciphers, or if that is even possible.
You configure TLS v1.2. for XCOM by specifying only TLS v1.2 ciphers. The configuration does not change otherwise. There is no TLSV 1.2 parameter setting. We cannot really recommend specific ciphers as that should be made by your security team. Today's recommended ciphers could be outdated at any point. The final decision should be made by your security people.
Additional Information:
Information on the IBM website: Table 1. Supported Cipher Specifications for TLS and SSL Protocols