IBM: TCP/IP for VM

CRYPTO APVIRT SUPPORT FOR THE TLS/SSL SERVER AND LDAP/VM

 
 APAR Identifier ...... PI72106      Last Changed ........ 17/03/29
 CRYPTO APVIRT SUPPORT FOR THE TLS/SSL SERVER AND LDAP/VM
 
 Symptom ...... NF NEWFUNCTION       Status ........... CLOSED  UR1
 Severity ................... 4      Date Closed ......... 17/03/27
 Component .......... 5735FAL00      Duplicate of ........
 Reported Release ......... 640      Fixed Release ............ 999
 Component Name TCP/IP V2 FOR V      Special Notice
 Current Target Date ..              Flags
 SCP ...................
 Platform ............
 
 Status Detail: SHIPMENT - Packaged solution is available for
                           shipment.
 
 PE PTF List:
 
 PTF List:
 Release 640   : UI45923 available 17/03/29 (1000 )
 
 Parent APAR:
 Child APAR list:
 
 ERROR DESCRIPTION:
 This APAR implements new function in TCP/IP to provide
 CRYPTO APVIRT support for the TLS/SSL Server and LDAP/VM.
 
 LOCAL FIX:
 
 PROBLEM SUMMARY:
 ****************************************************************
 * USERS AFFECTED: All users of the TLS/SSL Server or the       *
 *                 LDAP/VM Server.                              *
 ****************************************************************
 * PROBLEM DESCRIPTION:                                         *
 ****************************************************************
 * RECOMMENDATION: APPLY PTF                                    *
 ****************************************************************
 This APAR implements new function in TCP/IP to provide:
 - CRYPTO APVIRT support for the TLS/SSL Server and LDAP/VM
 
 PROBLEM CONCLUSION:
 
 TEMPORARY FIX:
 
 COMMENTS:
 The System SSL V2.2 cryptographic library supporting z/VM V6.4
 service virtual machines is updated to offload cryptographic
 operations to Crypto Express hardware associated with your
 z Systems or LinuxONE hardware. This provides support for
 clear-key RSA operations.
 
 To enable this support, insert the 'CRYPTO APVIRTUAL' statement
 into the appropriate virtual machine directory entry. This
 statement will grant the TLS/SSL Server access to shared crypto
 domains associated with your z/VM partition. No other
 configuration change is required.
 
 Note:
 * If configuring a stand-alone (single) SSLSERV virtual machine,
 insert this statement directly into the SSLSERV directory entry.
 * If configuring a pool of multiple SSL servers, insert this
 statement into the appropriate PROFILE directory entry (such as
 PROFILE TCPSSLU).
 * If configuring LDAP/VM, insert this statement directly into
 the LDAPSRV directory entry.
 
 See the z/VM 6.4.0 TCP/IP books (dated March 2017) for
 information on using these enhancements:
 http://www.vm.ibm.com/library/
 
 MODULES/MACROS:
 GSKAPQQ  GSKCMS31 GSKC31   GSKC31F  ICSFLIB  SSLGSKCF
 
 SRLS:
 SC246238XX
 GC246095XX
 
 RTN CODES:
 
 CIRCUMVENTION:
 
 MESSAGE TO SUBMITTER: