Migrate environment variable settings

Description

With PM62905 and OA39422 applied on z/OS V1R13, support for the TLSv1.2 protocol or support for the RFC 5746 renegotiation could be configured by coding environment variables such as GSK_PROTOCOL_TLSV1_2=ON or GSK_RENEGOTIATION=NONE in a file pointed to by the Envfile parameter on the TTLSGroupAdvancedParms statement. In z/OS V2R1, support for the TLSv1.2 protocol and the RFC 5746 renegotiation is configured in the AT-TLS policy configuration. The TLSv1.2 protocol is configured on the TTLSEnvironmentAdvancedParms or TTLSConnectionAdvancedParms statement. The RFC 5746 renegotiation is configured on the TTLSEnvironmentAdvancedParms statement.

Table 1 provides more details about this migration action. Use this information to plan your changes to the system.

Table 1. Information about this migration action
Element or feature: z/OS Communications Server.
When change was introduced: z/OS V2R1.
Applies to migration from: z/OS V1R13.
Timing: After the first IPL of z/OS V2R2.
Is the migration action required? Yes, if the TLSv1.2 support or the RFC 5746 renegotiation is enabled in a file pointed to by the Envfile parameter on the TTLSGroupAdvancedParms statement.
Target system hardware requirements: None.
Target system software requirements: None.
Other system (coexistence or fallback) requirements: None.
Restrictions: None.
System impacts: None.
Related IBM® Health Checker for z/OS® check: None.

Steps to take

Follow these steps:
  1. If support for the TLSv1.2 protocol is configured by specifying GSK_PROTOCOL_TLSV1_2=ON from the file pointed to by the Envfile parameter on the TTLSGroupAdvancedParms statement, remove GSK_PROTOCOL_TLSV1_2=ON from the file and configure TLSv1.2 On on the TTLSEnvironmentAdvancedParms statement.
  2. If support for the RFC 5746 renegotiation is configured from the file pointed to by the Envfile parameter on the TTLSGroupAdvancedParms statement, remove the environment variable from the file and configure the equivalent support on the TTLSEnvironmentAdvancedParms statement.
    • If GSK_RENEGOTIATION=NONE is configured, configure Renegotiation Default.
    • If GSK_RENEGOTIATION=DISABLE is configured, configure Renegotiation Disable.
    • If GSK_RENEGOTIATION=ALL is configured, configure Renegotiation All.
    • If GSK_RENEGOTIATION=ABBREVIATED is configured, configure Renegotiation Abbreviated.
    • If GSK_EXTENDED_RENEGOTIATION_INDICATOR=OPTIONAL is configured, configure RenegotiationIndicator Optional.
    • If GSK_EXTENDED_RENEGOTIATION_INDICATOR=CLIENT is configured, configure RenegotiationIndicator Client.
    • If GSK_EXTENDED_RENEGOTIATION_INDICATOR=SERVER is configured, configure RenegotiationIndicator Server.
    • If GSK_EXTENDED_RENEGOTIATION_INDICATOR=BOTH is configured, configure RenegotiationIndicator Both.
    • If GSK_RENEGOTIATION_PEER_CERT_CHECK=OFF is configured, configure RenegotiationCertCheck Off.
    • If GSK_RENEGOTIATION_PEER_CERT_CHECK=ON is configured, configure RenegotiationCertCheck On.
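
The mapping in steps 1 and 2 can be applied mechanically to an Envfile. The following is an added example, not IBM-supplied code: the function name, the '#' comment convention, and the one NAME=VALUE per line layout are assumptions, and the sample file contents are constructed.

```python
# Mapping copied from the migration steps on this page:
# (variable, value) in the Envfile -> parameter for TTLSEnvironmentAdvancedParms
POLICY_EQUIVALENT = {
    ("GSK_PROTOCOL_TLSV1_2", "ON"): "TLSv1.2 On",
    ("GSK_RENEGOTIATION", "NONE"): "Renegotiation Default",
    ("GSK_RENEGOTIATION", "DISABLE"): "Renegotiation Disable",
    ("GSK_RENEGOTIATION", "ALL"): "Renegotiation All",
    ("GSK_RENEGOTIATION", "ABBREVIATED"): "Renegotiation Abbreviated",
    ("GSK_EXTENDED_RENEGOTIATION_INDICATOR", "OPTIONAL"): "RenegotiationIndicator Optional",
    ("GSK_EXTENDED_RENEGOTIATION_INDICATOR", "CLIENT"): "RenegotiationIndicator Client",
    ("GSK_EXTENDED_RENEGOTIATION_INDICATOR", "SERVER"): "RenegotiationIndicator Server",
    ("GSK_EXTENDED_RENEGOTIATION_INDICATOR", "BOTH"): "RenegotiationIndicator Both",
    ("GSK_RENEGOTIATION_PEER_CERT_CHECK", "OFF"): "RenegotiationCertCheck Off",
    ("GSK_RENEGOTIATION_PEER_CERT_CHECK", "ON"): "RenegotiationCertCheck On",
}
MIGRATED_VARS = {name for name, _ in POLICY_EQUIVALENT}

def migrate_envfile(text):
    """Split Envfile text into (lines to keep, policy parameters, lines to review)."""
    kept, params, review = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        name, sep, value = raw.strip().partition("=")
        name, value = name.strip(), value.strip()
        # Assumption: '#' starts a comment. Comments and variables that are
        # not part of this migration action stay in the file untouched.
        if raw.lstrip().startswith("#") or not sep or name not in MIGRATED_VARS:
            kept.append(raw)
        elif (name, value) in POLICY_EQUIVALENT:
            params.append(POLICY_EQUIVALENT[(name, value)])  # line is removed
        else:
            # Value not covered by the steps: keep it and flag for manual review.
            kept.append(raw)
            review.append((lineno, raw.strip()))
    return kept, params, review

# Constructed sample Envfile contents (not from a real system).
SAMPLE_ENVFILE = """\
# constructed sample
GSK_PROTOCOL_TLSV1_2=ON
GSK_TRACE_FILE=/tmp/gskssl.trc
GSK_RENEGOTIATION=NONE
GSK_EXTENDED_RENEGOTIATION_INDICATOR = BOTH
GSK_RENEGOTIATION_PEER_CERT_CHECK=MAYBE
"""

if __name__ == "__main__":
    kept, params, review = migrate_envfile(SAMPLE_ENVFILE)
    print("Code on TTLSEnvironmentAdvancedParms:", *params, sep="\n  ")
    print("Remaining Envfile:", *kept, sep="\n  ")
    print("Review manually:", *review, sep="\n  ")
```

Lines reported for review keep their environment variable in the file, so a value the steps do not cover is never silently dropped during the migration.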

Reference information

See z/OS Communications Server: IP Configuration Reference for information about:
  • The syntax for coding TLSv1.2 on the TTLSEnvironmentAdvancedParms or TTLSConnectionAdvancedParms statement.
  • Configuring support for the RFC 5746 renegotiation.