Z/VM TLS/SSL SERVER ELLIPTIC CURVE (ECC) SUPPORT


 
 STAT= CLOSED  UR1  FESN0461035-     CTID= EN0313 ISEV= 4
 SB18/06/14  RC18/06/19  CL18/12/06  PD           SEV= 4
                        PE=          SPEC/ATTN/Y  TYPE= D
 RCOMP= 5735FAL00    TCP/IP FOR Z/VM RREL= R710
 FCOMP= 5735FAL00    TCP/IP FOR Z/VM PFREL= F     TREL= T999
 ACTION=             SEC/INT=                     DUP/
 USPTF= UI60128      PDPTF=                       DUPS 0
 DW18/06/14  RT18/06/19  SC          FT          RE
 PT          UP          LP          PV          AP
 EN          FL          LC19/03/22  RU19/03/22  OT
 CT          FR          TD          TYPE OF SOLUTION=
 PROJECTED CLOSE CODE=        CUST INST LVL/SU=
 FAILING MODULE= SSLSERV      FAILING LVL/SU= 710
 SYSROUTE OF:          RET APAR=             PS=
 STATUS DETAIL= SHIPMENT        RELIEF AVAILABLE=
 COMP OPER ENV=  710
 
 
 SYSRES=      SYSIN=      SYSOUT=      CPU=             RE-IPL=
 OPTYPE=                 SPECIAL ACTIVITY=          REGRESSION=
 PRE-SCREEN NO.=          RSCP= RS710
 ERROR DESCRIPTION:
 The z/VM TLS/SSL server will strengthen encryption through the
 enablement of Elliptic Curve Cryptography (ECC) cipher suites.
 Elliptic Curve Cryptography provides a faster, more secure
 mechanism for asymmetric encryption than standard RSA or DSS
 algorithms.
 LOCAL FIX:
 PROBLEM SUMMARY:
 ****************************************************************
 * USERS AFFECTED: All users interested in using elliptic       *
 *                 curve ciphers to protect TLS communication.  *
 ****************************************************************
 * PROBLEM DESCRIPTION:                                         *
 ****************************************************************
 * RECOMMENDATION: APPLY PTF                                    *
 ****************************************************************
 z/VM TCP/IP Elliptic Curve Cryptography (ECC) Cipher Suite
 Support for Transport Layer Security (TLS)
 
 Enables support for the new cryptographic algorithms previously
 added for use by System SSL through the gskkyman interface.
 These new cryptographic algorithms provide stronger
 ciphers for the TLS/SSL server, including support for
 ECDH and ECDHE key agreement.
 
 ECC ciphers have been enabled by default for use by TLS/SSL.
 Table 39 in z/VM: TCP/IP Planning and Customization has been
 updated to indicate the ciphers enabled by protocol and mode.
 To use this support, an ECC certificate must be created
 in the gskkyman database and specified for use on a secure
 connection.
 PROBLEM CONCLUSION:
 TEMPORARY FIX:
 COMMENTS:
 
 MODULES/MACROS:
 CMCOMM   CMNETST  MSNETSTA NETSTAT  QUERY    SCEXIT   SSLADMIN
 SSLADMIO SSLADMNP SSLCACHE SSLCIPHS SSLCTLIO SSLDPUMP SSLDSPTC
 SSLGSKCF SSLMNTOR SSLPARGS SSLREPRT SSLSCBEX SSLSTART SSLTOOLS
 SSLTRACE SSLTRSIT TCMIB    TCPARSE  TCPIP    TCUTIL   TNCOPY
 TNSTIN   TNSTMAS  TNTOTCP  VMSSL
 SRLS:
 GC24629401
 SC24630101
 SC24633301
 SC24633201
 SC24633101
 RTN CODES:
 APPLICABLE COMPONENT LEVEL/SU:
 R710 PSY UI60128 UP18/12/13 P      1901
 CIRCUMVENTION:
 MESSAGE TO SUBMITTER: