Skip to main content

z/OS Configuration - Enabling TLS 1.3

Several components included in the Universal Agent for z/OS package can be configured to support making TLS 1.3 sessions. This is done by setting the MAX_SSL_PROTOCOL option to TLS1_3. The default value for this option is TLS1_2, meaning by default with no configuration, components have a maximum supported TLS version of TLS 1.2. There are quite a lot of components with this option, so to ease configuration, the INSTALL(UNVIN15) job included with the installation can be used to configure all relevant components to support TLS 1.3 at once. This is an optional installation step.

info

To avoid connection errors between components, TLS 1.3 support must either be enabled for all components or none.

The INSTALL(UNVIN15) job will append MAX_SSL_PROTOCOL TLS1_3 to the following component configurations:

  • Universal Broker (UBRCFG00)
  • Universal Agent (UAGCFG00)
  • Universal Command (UCMCFG00)
  • Universal Command Server (UCSCFG00)
  • Universal Control (UCTCFG00)
  • Universal Data Mover (UDMCFG00)
  • Universal Data Mover Server (UDSCFG00)
  • Universal Event Monitor (UEMCFG00)
  • Universal FTP Client (UFTCFG00)

The INSTALL(UNVIN15) job will also append ENCRYPT YES to the following component configurations:

  • Universal Command (UCMCFG00)
  • Universal Command Server (UCSCFG00)
  • Universal Data Mover (UDMCFG00)