Supported certificate types

TLS V1.3 has limited the allowed certificate types and no longer supports DSA or DH certificates. As documented in RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3, System SSL only supports RSA key sizes of 2048 bits and larger and ECC keys of 256 bits and larger when attempting TLS V1.3 handshakes. RSA keys with a PKCS #1 v1.5 signature or with an RSASSA-PSS signature are supported.
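The key-type and key-size rules above can be checked before a certificate is deployed for TLS V1.3. The following is an added example, not part of this documentation or of System SSL: a standard-library Python script that decodes a DER or PEM SubjectPublicKeyInfo (the block that `openssl x509 -pubkey -noout` prints for a certificate), identifies the algorithm, and reports whether the key meets the stated limits (RSA of at least 2048 bits, ECC of at least 256 bits, DSA and DH rejected). The OIDs are the standard ones from RFC 3279 and RFC 4055; the sample inputs at the bottom are constructed from dummy key material of the right shape and are not real keys.

```python
"""Added example: classify a DER/PEM SubjectPublicKeyInfo against the TLS 1.3
key rules (RSA >= 2048 bits, ECC >= 256 bits, no DSA, no DH).
Standard library only; the DER handling is deliberately minimal."""
import base64

OID_RSA = "1.2.840.113549.1.1.1"        # rsaEncryption (PKCS #1 v1.5 keys)
OID_RSA_PSS = "1.2.840.113549.1.1.10"   # id-RSASSA-PSS
OID_EC = "1.2.840.10045.2.1"            # id-ecPublicKey
OID_DSA = "1.2.840.10040.4.1"           # id-dsa
OID_DH = ("1.2.840.10046.2.1", "1.2.840.113549.1.3.1")  # X9.42 DH, PKCS #3 DH
CURVE_BITS = {"1.2.840.10045.3.1.7": 256, "1.3.132.0.34": 384, "1.3.132.0.35": 521}

def _read_tlv(buf, pos):
    """Minimal DER reader: returns (tag, value bytes, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def classify_spki(der):
    """Return (kind, bits, usable_for_tls13, reason) for a DER SubjectPublicKeyInfo."""
    _, spki, _ = _read_tlv(der, 0)                   # SubjectPublicKeyInfo SEQUENCE
    _, algid, after_alg = _read_tlv(spki, 0)         # AlgorithmIdentifier SEQUENCE
    _, oid_raw, after_oid = _read_tlv(algid, 0)      # algorithm OID
    oid = _decode_oid(oid_raw)
    _, bitstr, _ = _read_tlv(spki, after_alg)        # subjectPublicKey BIT STRING
    pubkey = bitstr[1:]                              # drop the unused-bits octet
    if oid in (OID_RSA, OID_RSA_PSS):
        _, rsa_seq, _ = _read_tlv(pubkey, 0)         # RSAPublicKey SEQUENCE
        _, modulus, _ = _read_tlv(rsa_seq, 0)        # INTEGER n (leading 0x00 is sign padding)
        bits = int.from_bytes(modulus, "big").bit_length()
        ok = bits >= 2048
        return "RSA", bits, ok, "OK" if ok else "RSA key must be 2048 bits or larger"
    if oid == OID_EC:
        _, curve_raw, _ = _read_tlv(algid, after_oid)  # namedCurve OID parameter
        bits = CURVE_BITS.get(_decode_oid(curve_raw), 0)
        ok = bits >= 256
        return "ECC", bits, ok, "OK" if ok else "ECC key must be 256 bits or larger"
    if oid == OID_DSA:
        return "DSA", 0, False, "DSA certificates are not allowed for TLS 1.3"
    if oid in OID_DH:
        return "DH", 0, False, "DH certificates are not allowed for TLS 1.3"
    return "unknown", 0, False, "unsupported algorithm " + oid

def classify_pem(text):
    """Accept the PEM 'PUBLIC KEY' block that `openssl x509 -pubkey -noout` prints."""
    body = "".join(l for l in text.splitlines() if not l.startswith("-----"))
    return classify_spki(base64.b64decode(body))

def to_pem(der):
    return "-----BEGIN PUBLIC KEY-----\n" + base64.b64encode(der).decode() + "\n-----END PUBLIC KEY-----\n"

# --- constructed sample inputs (dummy key material, not real keys) ---------------
def _tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytes([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out += bytes(reversed(chunk))
    return _tlv(0x06, out)

def _encode_int(v):
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    return _tlv(0x02, (b"\x00" if b[0] & 0x80 else b"") + b)

def sample_rsa_spki(bits, oid=OID_RSA):
    n = (1 << (bits - 1)) | 1                    # dummy modulus of exactly `bits` bits
    rsa = _tlv(0x30, _encode_int(n) + _encode_int(65537))
    algid = _tlv(0x30, _encode_oid(oid) + b"\x05\x00")  # parameters simplified to NULL
    return _tlv(0x30, algid + _tlv(0x03, b"\x00" + rsa))

def sample_ec_spki(curve_oid):
    algid = _tlv(0x30, _encode_oid(OID_EC) + _encode_oid(curve_oid))
    return _tlv(0x30, algid + _tlv(0x03, b"\x00\x04" + b"\x01" * 64))  # dummy point

def sample_dsa_spki():
    algid = _tlv(0x30, _encode_oid(OID_DSA))     # DSA parameters omitted (they are optional)
    return _tlv(0x30, algid + _tlv(0x03, b"\x00" + _encode_int(2)))

if __name__ == "__main__":
    for label, spki in [("RSA-1024", sample_rsa_spki(1024)), ("RSA-2048", sample_rsa_spki(2048)),
                        ("RSA-PSS-3072", sample_rsa_spki(3072, OID_RSA_PSS)),
                        ("EC P-256", sample_ec_spki("1.2.840.10045.3.1.7")), ("DSA", sample_dsa_spki())]:
        print(f"{label:13} -> {classify_spki(spki)}")
```

The classifier looks only at the algorithm OID, the RSA modulus length and the named curve, which is all the rules above depend on; it does not validate the certificate itself, so run it on the public key extracted from the certificate you intend to configure, and treat any result other than usable as a reason to re-key before enabling TLS V1.3 on that connection.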

If the certificate to be used for the TLS connection is of type RSA with its private key stored in the PKDS and was created or added to the RACF database prior to z/OS V2R4, the certificate will not be usable for TLS V1.3 connections. The RSA key needs to be protected using the ECC master key. Ensure that the ECC master key is activated in the CCA coprocessor and either recreate or re-import (PKCS #12) the certificate into the RACF database, or convert the existing private key to be protected under the ECC master key. See Translate and replace an RSA key for RSA PSS for information on how to convert the private key. To ensure that the key can continue to be used for RSA PKCS #1 v1.5 signature generation (for example, for TLS V1.2 and prior connections), the format restriction keyword FR-NONE should be used when converting the private key.