Skip to Main Content
IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Future consideration
Workspace z/OS
Categories SSL
Created by Guest
Created on Jun 7, 2024

System SSL HTTP CRL request should understand all valid HTTP/1.0 or HTTP/1.1 protocol responses

At the moment System SSL describes the following requirement:
"System SSL uses the HTTP/1.1 protocol to send the HTTP CRL request and requires an HTTP/1.0 or HTTP/1.1 protocol response.
The HTTP response must include a valid content-length field that has the length of the CRL in bytes."

We demand that System SSL should understand all valid HTTP protocol responses.

The certificate revocation check infrastructure is independent of our z/OS platform. The provider of the
infrastructure told us "Every client that sends requests with HTTP Version 1.1, should be able to understand "chunked"
answers - if not requests should be send with HTTP Version 1.0."
For a full verification of the certificate chain System SSL must understand the HTTP response. 
 

Idea priority High
  • Guest
    Reply
    |
    Aug 21, 2024

    Hello, because CRL Provider is an external outsite the enterprise it is to be exprected, RFC 7230 is re-enforced soon. Causing the failure again.

    That's why it is important to get an outlook for a solution .
    3.1. System SSL docs says: The HTTP response must include a valid content-length field that has the length of the CRL in bytes."
    which is not according to the RFC 7230: 
    A sender MUST NOT send a Content-Length header field in any message that contains a Transfer-Encoding header field.

    Thanks a lot !