Skip to Main Content
IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Workspace z/OS
Categories SSL
Created by Guest
Created on May 16, 2017

Add System SSL API to Retrive All Certificates Presented by a ServerHello TLS Negotiation Message

We use System SSL on z/OS V2R1 to diagnose and analyse problems involving TLS connections, certificates, and key rings. During a recent issue we were debugging, we discovered that the gsk_attribute_get_cert_info() API only returns the final server certificate. It does not return any of the intermediate certificates in the chain presented by the server during the TLS negotiation handshake. We would like a way for the System SSL API to pass all
certificates sent by the server to the user to help confirm that the server-side is sending the intermediate chain certificates properly without using the GSK_TRACE service or a network sniffer.

Idea priority Low
  • Guest
    Reply
    |
    May 22, 2024

    Starting about z/OS V2R5 or so you can get this information by coding the certificate callback exit in your System SSL application.

  • Guest
    Reply
    |
    May 22, 2024
    .Thank you for the submission of this idea. This idea is a valid requirement but unlikely to be given high enough priority to be placed into the product plan. If this requirement is high value, please re-open it, or open a new idea.