TLS v1.2 considerations
TLS v1.2 support became available in z/OS® 2.1, and is disabled by default. This policy shows the command (TLSV1.2 On) to explicitly enable it, but has it commented out as the target system is using z/OS 1.13.
By applying the following two APARs, TLS v1.2 support is added
to z/OS 1.13:
- System SSL APAR OA39422
- Communications Server (AT-TLS) APAR PM62905
z/OS 1.13 System SSL, which is used by AT-TLS to implement TLS encrypted communication, requires some additional parameters for TLS v1.2 support. These are supplied through the AT-TLS policy using a file with System SSL environment variables, /etc/pagent.ttls.TLS1.2zOS1.13.env.

#
# Add TLSv1.2 support to AT-TLS
# requires z/OS 1.13 with OA39422 and PM62905
#
GSK_RENEGOTIATION=ALL
GSK_PROTOCOL_TLSV1_2=ON