Table 1 identifies changes to environment variables used by System SSL. For detailed information about these environment variables, see z/OS Cryptographic Services System SSL Programming.
Environment variable | Release | Description | Reason for change |
---|---|---|---|
GSK_CERT_VALIDATE_KEYRING_ROOT | z/OS® V2R1 | New: Specifies whether validation to the root CA is required for certificates that are connected to a SAF key ring. | Enhanced certificate support |
GSK_CLIENT_ECURVE_LIST | z/OS V1R13 | New: Specifies the list of elliptic curves that are supported by the client. The list is used by the client to guide the server as to which elliptic curves are preferred when using ECC-based cipher suites. | Elliptic Curve Cryptography for TLS |
GSK_EXTENDED_RENEGOTIATION_INDICATOR | z/OS V1R12 | New: Specifies the level of enforcement of renegotiation indication as specified by RFC 5746 during the initial handshake. | RFC 5746 renegotiation |
GSK_PROTOCOL_TLSV1_2 | z/OS V1R13 with APAR OA39422 | New: Specifies whether the TLS V1.2 protocol is supported. | TLS V1.2 |
GSK_RENEGOTIATION | z/OS V1R12 | New: Specifies the type of session renegotiation that is allowed for an SSL environment. | RFC 5746 renegotiation |
GSK_RENEGOTIATION_PEER_CERT_CHECK | z/OS V1R12 | New: Specifies if the peer certificate is allowed to change during renegotiation. | RFC 5746 renegotiation |
GSK_SUITE_B_PROFILE | z/OS V2R1 | New: Specifies the Suite B profile to be applied to TLS sessions. | Suite B for TLS |
GSK_TLS_SIG_ALG_PAIRS | z/OS V1R13 with APAR OA39422 | New: Specifies the list of hash and signature algorithm pair specifications that are supported by the client and servers in order of preference. | TLS V1.2 |
GSK_V3_CIPHER_SPECS_EXPANDED | z/OS V1R13 with APAR OA39422 | Changed: Updated to support new ciphers added for TLS V1.2. | TLS V1.2 |
z/OS V1R13 | New: Specifies the SSL V3 cipher specifications in order of preference as a string consisting of 1 or more 4-character values. The SSL v3 cipher specifications are used for the SSL V3, TLS V1.0, and TLS V1.1 protocols. | Elliptic Curve Cryptography for TLS |