Customizing TLS to connect components with HCL Workload Automation for Z
Before you begin
About this task
To customize TLS v1.2 and v1.3 to connect with HCL Workload Automation for Z, perform the
following steps:
- Specify the following statement in the started task, job, or TSO logon procedure of each component that you want to connect:
  - //STDENV DD card
    Add this DD card to point to a PDS member (for example, a member of the PARMLIB) where you specify the values for the environment variables that you need. For example:
    //STDENV DD DISP=SHR,DSN=TWS.SUBSYSN.PARM(ENVVAR)
- In the PDS member (ENVVAR in the previous example), define the following values. For a complete list of the environment variables that you can set to configure TLS, see the z/OS Cryptographic Services System SSL Programming manual.
  GSK_PROTOCOL_TLSV1_2=ON
  GSK_PROTOCOL_TLSV1_3=ON
  GSK_V3_CIPHER_SPECS_EXPANDED=130313021301C030009FC02F009E
  Note:
  - If you set both GSK_PROTOCOL_TLSV1_2 and GSK_PROTOCOL_TLSV1_3 to OFF or you do not set either of them, TLS v1.2 is automatically enabled (this is the default). If you set only GSK_PROTOCOL_TLSV1_3 to ON, TLS v1.2 is not enabled.
  - To enable the TLS communication between a component that has been migrated to version 10.1 and a component that is still at an earlier version, ensure that you set the following environment variable to specify at least one cipher in common with the component to which you are going to connect. (For a list of cipher codes, see the section about the cipher suite definitions in the z/OS Cryptographic Services System SSL Programming manual.)
    GSK_V3_CIPHER_SPECS_EXPANDED=130313021301C030009FC02F009E0035
- According to the component that you are configuring, set the required SSL parameters. For a summary of the statements related to the SSL communication, see SSL connection.
For a scenario about how to set up a TLS communication with custom self-signed certificates, see Scenario: configuring TLS with custom self-signed certificates.
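As an added illustration (not HCL or IBM code), the following Python sketch applies the Note's protocol-default rule and the common-cipher requirement to the STDENV members of two components before you connect them. The peer member's values, the function names, and the handling of 13xx codes as TLS v1.3-only suites are assumptions of the example.

```python
import re

# Constructed sample members. LOCAL uses the values shown on this page;
# PEER is a hypothetical earlier-version component (assumed values).
LOCAL = """GSK_PROTOCOL_TLSV1_2=ON
GSK_PROTOCOL_TLSV1_3=ON
GSK_V3_CIPHER_SPECS_EXPANDED=130313021301C030009FC02F009E0035"""
PEER = "GSK_V3_CIPHER_SPECS_EXPANDED=0035"

def parse_stdenv(text):
    """Return the NAME=VALUE pairs of an STDENV member as a dict."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {name.strip(): value.strip().upper() for name, value in pairs}

def enabled_protocols(env):
    """Apply the Note: with neither protocol ON, TLS v1.2 is the default."""
    v12 = env.get("GSK_PROTOCOL_TLSV1_2") == "ON"
    v13 = env.get("GSK_PROTOCOL_TLSV1_3") == "ON"
    if not (v12 or v13):
        v12 = True  # assumption: one OFF and one unset is treated the same way
    return {name for name, on in (("TLSv1.2", v12), ("TLSv1.3", v13)) if on}

def cipher_codes(env):
    """Split GSK_V3_CIPHER_SPECS_EXPANDED into ordered 4-hex-digit codes."""
    spec = env.get("GSK_V3_CIPHER_SPECS_EXPANDED", "")
    if len(spec) % 4 or not re.fullmatch(r"[0-9A-F]*", spec):
        raise ValueError("expected a run of 4-hex-digit cipher codes: %r" % spec)
    return [spec[i:i + 4] for i in range(0, len(spec), 4)]

def usable_ciphers(local_text, peer_text):
    """Ciphers both members list that a shared protocol version can use."""
    local, peer = parse_stdenv(local_text), parse_stdenv(peer_text)
    protocols = enabled_protocols(local) & enabled_protocols(peer)
    peer_codes = set(cipher_codes(peer))
    usable = []
    for code in cipher_codes(local):  # keep the local preference order
        # 13xx codes are TLS v1.3 suites; the others apply to TLS v1.2
        needs = "TLSv1.3" if code.startswith("13") else "TLSv1.2"
        if code in peer_codes and needs in protocols:
            usable.append(code)
    return sorted(protocols), usable

if __name__ == "__main__":
    print(usable_ciphers(LOCAL, PEER))
    print(usable_ciphers(LOCAL.replace("0035", ""), PEER))
```

An empty cipher list for a pair of members means the two components share no cipher under a protocol version that both of them enable.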