Hi - We are currently waiting on the SSL/TLS Encryption which will be included in CA:Gen 8.6 IR2. Can you give us an idea of when this release might be expected ?
Regards. - Werner Spreeuwenberg
SSL/TLS encryption is a priority for us in IR2 (Gen 8.6 incremental release 2). We are currently planning the implementation activities now that IR1 has been completed.
We cannot provide a definite delivery date for this (or any) feature, due to the many factors that may affect delivery times and work priorities, as well as the potential for unanticipated issues during development.
Since IR2 is currently getting underway, I think it's safe to say that we plan to deliver this in the foreseeable future. Also, we release as the capabilities become available and feasible to deliver. Some things require an IR boundary, and some can be released as separate PTFs outside of an IR or release boundary. If we can release it earlier than the full IR delivery, we will.
On what platforms are you expecting to use SSL/TLS?
Principal Architect, CA Gen
Thanks for the reply. We are currently connecting from the pc's client via the Client Manager to the z/OS mainframe server environment. Users login via their TSO login and RACF authorization is enforced on CICS transaction level.
Herewith the settings.
Transport API: Sockets
API DLL: IOTCP85N
Server Configuration: CICS Sockets Listener = YES
Server Configuration: IMS TCP/IP Direct Connect Host = NO
We are using the CICS Multiple Sockets Listener on mainframe.
You can ask Theresa Bredenkamp for more information if necessary. She helped last year to resolve our data integrity issues when connecting to the mainframe and might still have some of the printscreens and logfiles that were sent.
I'd like us to partake in the testing of the SSL/TLS connection. I do not know if this would be possible as we are currently still running CA:Gen 8.5 and although a GEN86 installation on a pc should be a matter of minutes, it will take more time and resources to have the necessary changes made on the TLS configuration of mainframe for which I'll need project approval. An upgrade to GEN86 is not in the planning for 2017 as we have just upgraded to GEN85 and are trying to limit the upgrades due to cost and risk aspects.
Please contact me on the email address below.
Are there any updates on an date when IR2 is expected ? I believe that ABN Amro is also keen in having the SSL/TSL option, but from a web application.
IR2 as a package is a while out, but we will release IR2 components as PTFs as they become available. SSL/TLS for Java proxies will be released shortly (within the current quarter), and additional support (including Client manager) is currently being developed and will be released when complete. I can't give you a firm date at this time, but several months development and QA remain before this support can be released.
Product Owner, Gen
Hi CA Communities/Rob Thomson,
Is there any further update as to when CA Gen 8.6 IR2 be released ?Once CA Gen 8.6 IR2 is available can you advise if it will support SSL/TLS 1.0 or will it support SSl/TLS 1.0 and SSL/TLS 1.2 ciphers ?
Vince PagliaroIBM/HCL Technical Architect
We are in the final stage of testing for TLS/SSL for Clients, and building the final PTF for TLS/SSL Java proxy. These will be released as discrete PTFs, and won't require a full "IR" style install. We have made the decision to proceed with continuous delivery in preference to large IRs.
TLS for Java Proxy will be available shortly (once we get through our internal PTF release process). TLS for Clients will be a bit longer - we are in the beginning stage of customer testing, and I can't predict how long that may take.
TLS (for all supported platforms) will be operative for 1.0 and 1.2.
Product Owner, CA Gen
Many thanks for the update.
Technical Architect, HCL Technologies, e-Mail firstname.lastname@example.org<mailto:email@example.com> Mob. 0411 124 554
Can you please advise on release date for CA Gen 8.8 IR2 ?
Also, wanted to know if this release will support certificate encryption via SSL/TLS 1.0 or SSL/TLS 1.2 ciphers or if this will be available in a later PTF release ?
IBM/HCL Technical Architect
You probably meant "CA Gen 8.6 IR2 ?"
Per Robert Thompson 's comment there will be no formal IR2 release and instead releasing features via discrete Continuous Delivery PTFs is now the process - see Rob's blog here for more details: CA Gen Development Blog no.5 - IRs and Continuous Delivery
The SSL/TLS Secure Connection PTFs for various platform combinations are already available on the Gen 8.6 Solutions and Patches page: CA Gen 8.6 Solutions & Patches - CA Technologies
These docops pages have more details:
CA Gen 8.6 Continuous Delivery Features - CA Gen - 8.6 - CA Technologies Documentation
Continuous Delivery - CA Gen - 8.6 - CA Technologies Documentation
PTFs - Continuous Delivery - CA Gen - 8.6 - CA Technologies Documentation
Hope that helps
Yes "CA Gen 8.6 IR2". I will keep a watch on Rob's blog for updates on SSL/TLS 1.0 and SSL/TLS 1.2 support.
The PTFs I referred to above are ones that give the SSL/TLS 1.0 and SSL/TLS 1.2 support. So these are available for:
Java Proxy to CICS
C Proxy to CICS
GUI C Client to CICS
Client Manager to CICS
Retrieving data ...