IBM Z Simplification

IBM Z Simplification

IBM Z Simplification

Transforming IBM Z into an simpler, more intuitive platform so every user, from beginners to experts, can learn faster, work confidently, and drive meaningful outcomes.

 View Only

  • 1.  Security Deprecations

    Posted Mon April 06, 2026 07:46 PM
    Edited by Sneha Kanaujia Fisher 28 days ago
    Added 2026-04-29:

    Changes to OpenSSH for z/OS

    What is being removed or changed

    The next deliverable of OpenSSH for z/OS that introduces a new release of OpenSSH, is planned to support multiple Post Quantum Cryptography (PQC) algorithms, while permanently removing support for weak Digital Signature Algorithm (DSA). Specifically, OpenSSH for z/OS is being updated to provide currency and support PQC key exchange using a hybrid scheme, while removing support for the ssh-dss host key algorithm. These changes align with changes made by the OpenSSH open source community.

    Links to the relevant documentation

    z/OS Statement of Direction AD26-0431

    Added 2026-04-06:

    Deprecated CMS and SSL APIs; SSLv2 and SSLv3 Protocols

    What is being removed or changed

    z/OS 3.2 is planned to be the last release to support:

    •            Deprecated CMS APIs
    •            Deprecated SSL APIs
    •            SSLv2 and SSLv3 protocols

    These protocols and APIs have been deprecated by industry standards bodies and are no longer considered secure.

    Required customer migration or upgrade actions

    Customers must:

    •             Identify applications using deprecated CMS or SSL APIs
    •            Migrate applications to supported cryptographic APIs
    •            Update System SSL and ATTLS configurations to use modern TLS protocols

    Failure to update may prevent applications from running on releases beyond z/OS 3.2.

    Links to the relevant documentation

    z/OS 3.2 Announcement - Statement of Direction AD26-0005

    z/OS Cryptographic Services documentation



Related Content