When using native SSL, why can't we disable TLSV1.0?

Question & Answer

Question

We use native SSL, not AT-TLS, for FTP. In the local host, we specified:

ENVAR("GSK_PROTOCOL_TLSV1=ON")
ENVAR("GSK_PROTOCOL_TLSV1_2=ON")

Then TLSv1.2 protocol was used for the FTP session. When we changed

ENVAR("GSK_PROTOCOL_TLSV1=OFF")
ENVAR("GSK_PROTOCOL_TLSV1_2=OFF")

we expected the FTP job to fail. Instead, the FTP job completed with RC=0 by using TLSV1.0 protocol. Why didn't GSK_PROTOCOL_TLSV1=OFF work?

Cause

https://www.ibm.com/developerworks/library/ws-ssl-security/index.html

Answer

Currently, z/OS Communications Server does not provide a way to disable TLSV1.0 when using native SSL.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

ZOSCS COMMSERVER

Was this topic helpful?

Document Information

Modified date:
17 June 2020

UID

dwa1473320

Tips