CRYPTO APVIRT SUPPORT FOR THE TLS/SSL SERVER AND LDAP/VM
APAR Identifier ...... PI72106 Last Changed ........ 17/03/29 CRYPTO APVIRT SUPPORT FOR THE TLS/SSL SERVER AND LDAP/VM Symptom ...... NF NEWFUNCTION Status ........... CLOSED UR1 Severity ................... 4 Date Closed ......... 17/03/27 Component .......... 5735FAL00 Duplicate of ........ Reported Release ......... 640 Fixed Release ............ 999 Component Name TCP/IP V2 FOR V Special Notice Current Target Date .. Flags SCP ................... Platform ............ Status Detail: SHIPMENT - Packaged solution is available for shipment. PE PTF List: PTF List: Release 640 : UI45923 available 17/03/29 (1000 ) Parent APAR: Child APAR list: ERROR DESCRIPTION: This APAR implements new function in TCP/IP to provide CRYPTO APVIRT support for the TLS/SSL Server and LDAP/VM. LOCAL FIX: PROBLEM SUMMARY: **************************************************************** * USERS AFFECTED: All users of the TLS/SSL Server or the * * LDAP/VM Server. * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: APPLY PTF * **************************************************************** This APAR implements new function in TCP/IP to provide: - CRYPTO APVIRT support for the TLS/SSL Server and LDAP/VM PROBLEM CONCLUSION: TEMPORARY FIX: COMMENTS: The System SSL V2.2 cryptographic library supporting z/VM V6.4 service virtual machines is updated to offload cryptographic operations to Crypto Express hardware associated with your z Systems or LinuxONE hardware. This provides support for clear-key RSA operations. To enable this support, insert the 'CRYPTO APVIRTUAL' statement into the appropriate virtual machine directory entry. This statement will grant the TLS/SSL Server access to shared crypto domains associated with your z/VM partition. No other configuration change is required. Note: * If configuring a stand-alone (single) SSLSERV virtual machine, insert this statement directly into the SSLSERV directory entry. * If configuring a pool of multiple SSL servers, insert this statement into the appropriate PROFILE directory entry (such as PROFILE TCPSSLU). * If configuring LDAP/VM, insert this statement directly into the LDAPSRV directory entry. See the z/VM 6.4.0 TCP/IP books (dated March 2017) for information on using these enhancements: http://www.vm.ibm.com/library/ MODULES/MACROS: GSKAPQQ GSKCMS31 GSKC31 GSKC31F ICSFLIB SSLGSKCF SRLS: SC246238XX GC246095XX RTN CODES: CIRCUMVENTION: MESSAGE TO SUBMITTER: