ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » Mainframe, CICS, TXSeries » zOS 1.13 TLS 1.2

Post new topic  Reply to topic
 zOS 1.13 TLS 1.2 « View previous topic :: View next topic » 
Author Message
migz0901
PostPosted: Tue Apr 05, 2016 11:05 pm    Post subject: zOS 1.13 TLS 1.2 Reply with quote

Apprentice

Joined: 01 Nov 2012
Posts: 28

Hello peeps,

Is there any requirements to use TLS 1.2 on zOS 1.13?
We have APAR PM77341 and APAR OA39422 in place.

Is TLS 1.2 requires the ICSF Hardware Crypto enabled?

TIA,
Migz
Back to top
View user's profile Send private message
MQsysprog
PostPosted: Wed Apr 06, 2016 12:22 am    Post subject: Reply with quote

Centurion

Joined: 24 Feb 2014
Posts: 116

Hello,

There has been several vulnerability reports from Ibm on sslv3 ,so the advice is to use Tls .
The hardware used in the Z/OS enviroment, for the crypto facilities is well described here :

http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/WP100810

Hope It Helps

Emanuele
Back to top
View user's profile Send private message
mqjeff
PostPosted: Wed Apr 06, 2016 5:05 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

TLS in general is required for any secure communications.

SSLV3 has been proven to be fundamentally broken.
_________________
chmod -R ugo-wx /
Back to top
View user's profile Send private message
migz0901
PostPosted: Wed Apr 13, 2016 8:31 pm    Post subject: Reply with quote

Apprentice

Joined: 01 Nov 2012
Posts: 28

Thank you guys for the replies... I have changed the MQ channel cipher using
TLS_RSA_WITH_AES_256_CBC_SHA256... is it possible to check if we are really using TLS1.2.


TIA,
Migz
Back to top
View user's profile Send private message
MQsysprog
PostPosted: Wed Apr 13, 2016 10:05 pm    Post subject: Reply with quote

Centurion

Joined: 24 Feb 2014
Posts: 116

Yes you could check it on this table :

http://www.ibm.com/support/knowledgecenter/SS7K4U_8.5.5/com.ibm.websphere.ihs.doc/ihs/rihs_ciphspec.html

Since you have enabled it with success ,i think the level of Z/OS and the required apar for Tls 1.2 are in place

Emanuele
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » Mainframe, CICS, TXSeries » zOS 1.13 TLS 1.2
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.