Table 1 lists z/OS UNIX /etc files.
Utility | Rel. | IBM-provided sample file | Target location | What changed and when | Reason for change |
---|---|---|---|---|---|
DCAS | V2R1 | No sample provided | /etc/dcas.conf | In z/OS V2R1 Communications Server, a new DCAS keyword, TLSMECHANISM, is provided to configure the DCAS (Digital Certificate Access Server) server to use Application Transparent Transport Layer Security (AT-TLS) to manage TLS security. | AT-TLS enablement for DCAS |
In z/OS V2R1 Communications Server, a new TLSV1ONLY keyword is provided to configure SSLV3 protocol for connections that are secured using SSL implemented by DCAS. | Release update | ||||
FTP Server and Client | V2R1 | SEZAINST (FTCDATA) for the client and (FTPSDATA) for the server | FTP.DATA | In z/OS V2R1 Communications Server, a new SSLV3 keyword is provided to configure SSLV3 protocol for connections that are secured using TLS implemented by FTP. | Release update |
Policy Agent | V2R1 | /usr/lpp/tcpip/samples/pagent.conf | /etc/pagent.conf | In z/OS V2R1 Communications Server, a new ServerSSLv3 keyword is provided to configure SSLV3 protocol for the policy client that connects to the server. | Release update |
z/OS V2R1 Communications Server Policy Agent, centralized Policy Agent now supports TLSv1.1 and TLSv1.2 2-byte ciphers. For detailed information, see the ServerSSLV3CipherSuites parameter of the ServerConnection statement in z/OS V2R1.0 Communications Server: IP Configuration Reference. In z/OS V2R1 Communications Server, the import services between Policy Agent and IBM Configuration Assistant for z/OS Communications Server can have user defined AT-TLS policies to create a secure SSL connection. | TLS security enhancements for Policy Agent | ||||
Sendmail | V2R1 | /usr/lpp/tcpip/samples/sendmail/cf/zOS.cf | /etc/mail/zOS.cf | In z/OS V2R1 Communications Server, a new SSLV3 keyword is provided to configure SSLV3 protocol for connections that are secured using System SSL. | Release update |
z/OS UNIX sendmail CipherLevel statement now supports TLSv1.2 2-byte ciphers. See CipherLevel statement in the Creating the z/OS specific file topic topic in z/OS V2R1.0 Communications Server: IP Configuration Guide. | TLS Security enhancements for sendmail | ||||
SNMP Agent | V2R1 | /usr/lpp/tcpip/samples/snmpd.conf | /etc/snmpd.conf | New privacy protocol value AESCFB128 can be specified on a USM_USER statement to request AES 128-bit encryption. | Network Security enhancements for SNMP |
z/OS UNIX snmp command | V2R1 | /usr/lpp/tcpip/samples/snmpv2.conf | /etc/osnmp.conf | New privacy protocol value AESCFB128 can be specified on a statement for an SNMPv3 user to request AES 128-bit encryption. | Network Security enhancements for SNMP |