IBM Z Simplification

IBM Z Simplification

IBM Z Simplification

Transforming IBM Z into an simpler, more intuitive platform so every user, from beginners to experts, can learn faster, work confidently, and drive meaningful outcomes.

 View Only

  • 1.  Security Deprecations

    Posted Mon April 06, 2026 07:46 PM
    Edited by Sneha Kanaujia Fisher 12 hours ago
    Added 2026-05-27:

    IRRPRMxx BUFFERS Parameter Simplification

    What is being removed or changed

    In a future z/OS release following z/OS 3.2, the IRRPRMxx parmlib option BUFFERS(nnn) will no longer be configurable. RACF will always use a fixed value of 255 buffers, regardless of what is specified in IRRPRMxx or in the RACF data set names table (ICHRDSNT). No message will be issued when this occurs.

    Required customer migration or upgrade actions

    Review IRRPRMxx parmlib members for any use of the BUFFERS parameter. Plan to remove the BUFFERS(nnn) specification once all systems in the environment are running on the updated release. Verify that the small increase in ECSA storage from using 255 buffers is acceptable.

    This change will be made the next release of z/OS. More information can be made available by requesting in thread below.

    Links to the relevant documentation

    IRRPRMxx parmlib parameter syntax

    Added 2026-04-29:

    Changes to OpenSSH for z/OS

    What is being removed or changed

    The next deliverable of OpenSSH for z/OS that introduces a new release of OpenSSH, is planned to support multiple Post Quantum Cryptography (PQC) algorithms, while permanently removing support for weak Digital Signature Algorithm (DSA). Specifically, OpenSSH for z/OS is being updated to provide currency and support PQC key exchange using a hybrid scheme, while removing support for the ssh-dss host key algorithm. These changes align with changes made by the OpenSSH open source community.

    Links to the relevant documentation

    z/OS Statement of Direction AD26-0431

    Added 2026-04-06:

    Deprecated CMS and SSL APIs; SSLv2 and SSLv3 Protocols

    What is being removed or changed

    z/OS 3.2 is planned to be the last release to support:

    •            Deprecated CMS APIs
    •            Deprecated SSL APIs
    •            SSLv2 and SSLv3 protocols

    These protocols and APIs have been deprecated by industry standards bodies and are no longer considered secure.

    Required customer migration or upgrade actions

    Customers must:

    •             Identify applications using deprecated CMS or SSL APIs
    •            Migrate applications to supported cryptographic APIs
    •            Update System SSL and ATTLS configurations to use modern TLS protocols

    Failure to update may prevent applications from running on releases beyond z/OS 3.2.

    Links to the relevant documentation

    z/OS 3.2 Announcement - Statement of Direction AD26-0005

    z/OS Cryptographic Services documentation



Related Content