Description: Starting in z/OS V2R1, System SSL will attempt to use ICSF services if ICSF is active during AT-TLS group initialization. If ICSF is active and the CSFSERV class is active, the userid associated with TCP/IP stack should have READ access to the CSFIQA and CSFRNG resources of the CSFSERV class. This will allow System SSL to be aware of the hardware available with ICSF and use ICSF to generate random numbers during initialization. Application userids using AT-TLS groups should also be given READ access to the CSFRNG resource of the CSFSERV class.
| Element or feature: | Communications Server |
| When change was introduced: | z/OS V2R1. |
| Applies to migration from: | z/OS V1R13 and z/OS V1R12. |
| Timing: | Before the first IPL of z/OS V2R1. |
| Is the migration action required? | Yes. |
| Target system hardware requirements: | None. |
| Target system software requirements: | None. |
| Other system (coexistence or fallback) requirements: | None. |
| Restrictions: | None. |
| System impacts: | None. |
| Related IBM Health Checker for z/OS check: | None. |
Reference information: See “See Chapter 3. Using Cryptographic Features with System SSL" in z/OS Cryptographic Services System SSL Programming.