In z/OS 2.3 some of the older encryption methods are no longer support and you will may need to change your certificate.
If you are using weak certificates, or have a weak Certificate Authority certificate , you will need to created new certificates. This may be a non trivial task, as you may have to update the certificates on many machines, organisations you communicate with.
So it you have an RSA keylength of 1023 bits – this is one bit short of the 1024.
Here is a link to the z/OS 2.3 migration guide. Some of the key text from this manual is
IP Services: Ensure TLS/SSL secure connection in non-FIPS mode meets the
minimum peer end-entity certificate key size
System SSL is raising the minimum asymmetric key size for peer certificates used during the negotiation of a TLS/SSL secure connection in non-FIPS mode. The minimum key sizes are as follows:
- RSA changed to 1024 bits from 512 bits
- DSA changed to 1024 bits from 512 bits
- DH changed to 1024 bits from 512 bits
- ECC changed to 192 bits from 160 bits
ColinPaice 