Customizing TLS to connect components with HCL Workload Automation for Z
Before you begin
About this task
To customize TLS v1.2 and v1.3 to connect with HCL Workload Automation for Z, perform the
following steps:
- Specify the following statement in the started task, job, or TSO logon procedure of
  each component that you want to connect:
  - //STDENV DD card
    Add this DD card to point to a PDS member (for example, a member of the PARMLIB)
    where you specify the values for the environment variables that you need. For
    example:
    //STDENV DD DISP=SHR,DSN=TWS.SUBSYSN.PARM(ENVVAR)
- In the PDS member (ENVVAR in the previous example), define the following values. For a complete list of the environment variables that you can set to configure TLS, see the z/OS Cryptographic Services System SSL Programming manual.
  GSK_PROTOCOL_TLSV1_2=ON
  GSK_PROTOCOL_TLSV1_3=ON
  GSK_V3_CIPHER_SPECS_EXPANDED=130313021301C030009FC02F009E
  Note:
  - If you set both GSK_PROTOCOL_TLSV1_2 and GSK_PROTOCOL_TLSV1_3 to OFF or you do not set any of them, TLS v1.2 is automatically enabled (this is the default). If you set only GSK_PROTOCOL_TLSV1_3 to ON, TLS v1.2 is not enabled.
  - To enable the TLS communication between a component that has been migrated to
    version 10.1 and a component that is still at a version earlier than 10.1, ensure
    that you set the following environment variable:
    GSK_V3_CIPHER_SPECS_EXPANDED=130313021301C030009FC02F009E0035
- According to the component that you are configuring, set the required SSL parameters. For a summary of the statements related to the SSL communication, see SSL connection.
For a scenario about how to set up a TLS communication with custom self-signed certificates, see Scenario: configuring TLS with custom self-signed certificates.
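The following added example (not HCL or IBM code) audits the contents of an STDENV member: it applies the protocol rule from the note above, decodes GSK_V3_CIPHER_SPECS_EXPANDED into its 4-character cipher codes, and reports what the extra 0035 entry for pre-10.1 partners adds. The cipher names are the IANA names for those codes; the function names, the sample member text and the handling of a mixed OFF/unset setting are assumptions of this example.

```python
# Added example, not HCL code. Names are the IANA names for the 4-hex-digit codes.
IANA = {
    "1301": "TLS_AES_128_GCM_SHA256", "1302": "TLS_AES_256_GCM_SHA384",
    "1303": "TLS_CHACHA20_POLY1305_SHA256",
    "C02F": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "C030": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "009E": "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "009F": "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "0035": "TLS_RSA_WITH_AES_256_CBC_SHA",
}
PROTOCOL_VARS = (("TLSv1.2", "GSK_PROTOCOL_TLSV1_2"), ("TLSv1.3", "GSK_PROTOCOL_TLSV1_3"))

def parse_member(text):
    """Collect NAME=VALUE lines from the member text into a dict."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {name.strip(): value.strip() for name, value in pairs}

def enabled_protocols(env):
    """Apply the page's note: if neither variable is ON, TLS v1.2 is the default."""
    on = [proto for proto, var in PROTOCOL_VARS if env.get(var, "").upper() == "ON"]
    # Assumption: one variable OFF and the other unset is treated like "both OFF".
    return on or ["TLSv1.2"]

def decode_ciphers(spec):
    """Split the expanded cipher list into 4-character codes and name each one."""
    if len(spec) % 4:
        raise ValueError("cipher list length is not a multiple of 4 characters")
    codes = [spec[i:i + 4].upper() for i in range(0, len(spec), 4)]
    return [(code, IANA.get(code, "unknown")) for code in codes]

def audit(text):
    """Return (protocols, ciphers, findings) for one member's contents."""
    env = parse_member(text)
    protocols = enabled_protocols(env)
    ciphers = decode_ciphers(env.get("GSK_V3_CIPHER_SPECS_EXPANDED", ""))
    findings = []
    if ciphers and "TLSv1.3" in protocols and not any(c.startswith("13") for c, _ in ciphers):
        findings.append("TLS v1.3 is ON but the list has no 13xx (TLS 1.3) cipher")
    for code, name in ciphers:
        if name.startswith("TLS_RSA_WITH_"):
            findings.append(f"{code} {name}: static RSA key exchange, no forward secrecy")
        elif name == "unknown":
            findings.append(f"{code}: not in this example's table, check the System SSL manual")
    return protocols, ciphers, findings

# Constructed member contents using the values shown on this page.
BASE = "GSK_PROTOCOL_TLSV1_2=ON\nGSK_PROTOCOL_TLSV1_3=ON\nGSK_V3_CIPHER_SPECS_EXPANDED=130313021301C030009FC02F009E\n"
MIXED = BASE.rstrip("\n") + "0035\n"  # the value for pre-10.1 partners

if __name__ == "__main__":
    for label, member in (("base", BASE), ("mixed-version", MIXED)):
        print(label, *audit(member), sep="\n  ")
```

The base list decodes to three TLS 1.3 suites and four TLS 1.2 AEAD suites with ephemeral key exchange; the mixed-version value adds only 0035, which is the one entry the audit flags.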