NIST 800-131A MODE SUPPORT FOR Z/VM SSL SERVER
APAR Identifier ...... PM93363 Last Changed ........ 14/05/28
Symptom ...... NF NEW FUNCTION Status ........... CLOSED UR1
Severity ................... 4 Date Closed ......... 13/11/13
Component .......... 5735FAL00 Duplicate of ........
Reported Release ......... 630 Fixed Release ............ 999
Component Name TCP/IP V2 FOR V Special Notice
Current Target Date .. Flags
SCP ...................
Platform ............
Status Detail: SHIPMENT - Packaged solution is available for
shipment.
PE PTF List:
PTF List:
Release 630 : UI12490 available 13/11/13 (1401 )
Parent APAR:
Child APAR list:
ERROR DESCRIPTION:
The z/VM SSL Server does not currently have a mechanism to
enforce an asymmetric key size minimum value of 2048. This
enforcement is a requisite for compliance to NIST Special
Publication 800-131a.
LOCAL FIX:
PROBLEM SUMMARY:
****************************************************************
* USERS AFFECTED: All users of the z/VM TCP/IP feature that *
* use the z/VM SSL Server. *
****************************************************************
* PROBLEM DESCRIPTION: *
****************************************************************
* RECOMMENDATION: APPLY PTF *
****************************************************************
NIST Special Publication 800-131A is a newer standard for key
use in cryptographic operations which mandates restrictions on
the use of previously permissible key lengths. Specifically,
lengths of asymmetric keys are required to be at least 2048 and
a hash in the SHA-2 family is recommended by this standard.
The z/VM SSL Server currently does not have an internal
mechanism or option for restricting asymmetric key usage. The
previously available 'FIPS' mode will only restrict keys less
than 1024 in length, but this is not sufficient to meet newer
standards.
PROBLEM CONCLUSION:
TEMPORARY FIX:
COMMENTS:
The z/VM SSL Server has been updated to accept a new operand
'MODE' as part of its VMSSL or DTCPARMS start-up processing.
This option accepts one of two keywords as parameters:
'FIPS-140-2' (which replaces the existing 'FIPS' operand) and
'NIST-800-131A'. This latter mode changes the operational
behavior of the SSL Server as follows:
1. All connections must use TLS 1.2. All other protocols
are disabled.
2. All asymmetric keys must be 2048 in length and either
RSA or Diffie-Hellman.
3. SHA-256 is the minimum required hash for a digital
certificate.
The SSLADMIN EXEC has been updated to reflect 'Cryptographic
Modes' enabled and disabled via the SSLADMIN QUERY STATUS
DETAILS command.
The z/VM 6.3 TCP/IP Planning and Customization Guide (SC24-6238-
04) will be updated as follows:
1. The 'VMSSL Command' syntax diagram (page 532) will be updated
to reflect the 'MODE' operand. On the following pages, the
'Operands' list will be updated to describe the MODE operand in
detail, as follows:
MODE
   establishes a baseline of functionality for the entire SSL
   Server. The values that can be specified are:
   FIPS-140-2
      indicates that the SSL server should operate according to
      Federal Information Processing Standard (FIPS) 140-2. This
      mode allows only TLS protocols to be used, and restricts the
      usage of some cipher suites.
      Operand MODE FIPS-140-2 is equivalent to setting operand
      FIPS.
   NIST-800-131A
      indicates that the SSL server should operate according to
      NIST Special Publication 800-131a. This requires the use of
      TLS 1.2, restricts the usage of certain cipher suites, and
      mandates the use of RSA or Diffie-Hellman keys of 2048 or
      greater for all secure connections.
Note:
* MODE can be specified multiple times to enable available
standards of operation. In cases where multiple standards are
enabled, the maximum common subset of functionality will be
enabled.
* MODE FIPS-140-2 is the preferred method of enabling
FIPS-compliant behavior for the SSL server; it should replace
the use of the FIPS operand.
* If MODE NIST-800-131A is enabled, all protocols other than
TLS 1.2 will be automatically disabled. TLS 1.2 must still
be enabled using the PROTOCOL operand.
* Specifying MODE FIPS-140-2 requires that the SSL server be
associated with a FIPS-compliant certificate database.
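The three NIST-800-131A rules listed under COMMENTS, combined with the note that multiple MODE values yield the maximum common subset, can be turned into a pre-flight check of a certificate inventory before the mode is switched on. The following is an added example, not IBM code: the function names, the certificate labels and the inventory values are constructed, and the cipher-suite restrictions of either mode are not modeled.

```python
# Added example: a model of the mode rules stated in this APAR, not IBM code.
HASHES = ["MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512"]  # weakest first
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLS1.0", "TLS1.1", "TLS1.2"}
MODES = {
    # FIPS-140-2: TLS only, keys under 1024 rejected; no hash/key-type rule stated.
    "FIPS-140-2": {"protocols": {"TLS1.0", "TLS1.1", "TLS1.2"},
                   "min_key_bits": 1024, "key_algs": None, "min_hash": None},
    # NIST-800-131A: items 1-3 of the list under COMMENTS.
    "NIST-800-131A": {"protocols": {"TLS1.2"}, "min_key_bits": 2048,
                      "key_algs": {"RSA", "DH"}, "min_hash": "SHA-256"},
}
# Constructed certificate inventory (labels and values are made up).
CERTS = [
    {"label": "WEBSRV01", "alg": "RSA", "bits": 2048, "sig_hash": "SHA-256"},
    {"label": "TELNET01", "alg": "RSA", "bits": 1024, "sig_hash": "SHA-1"},
    {"label": "FTPSRV01", "alg": "RSA", "bits": 4096, "sig_hash": "SHA-1"},
    {"label": "OLDTEST1", "alg": "RSA", "bits": 512, "sig_hash": "MD5"},
]

def effective_policy(modes):
    """Strictest rule of every enabled mode (the 'maximum common subset')."""
    pol = {"protocols": set(ALL_PROTOCOLS), "min_key_bits": 0,
           "key_algs": None, "min_hash": None}
    for m in (MODES[name] for name in modes):
        pol["protocols"] &= m["protocols"]
        pol["min_key_bits"] = max(pol["min_key_bits"], m["min_key_bits"])
        if m["key_algs"] is not None:
            prev = pol["key_algs"]
            pol["key_algs"] = set(m["key_algs"]) if prev is None else prev & m["key_algs"]
        if m["min_hash"] is not None:
            pol["min_hash"] = max(pol["min_hash"] or m["min_hash"], m["min_hash"], key=HASHES.index)
    return pol

def check_cert(cert, pol):
    problems = []  # one entry per rule the certificate would violate
    if pol["key_algs"] is not None and cert["alg"] not in pol["key_algs"]:
        problems.append(f"key algorithm {cert['alg']} is not permitted")
    if cert["bits"] < pol["min_key_bits"]:
        problems.append(f"key length {cert['bits']} is below {pol['min_key_bits']}")
    if pol["min_hash"] and HASHES.index(cert["sig_hash"]) < HASHES.index(pol["min_hash"]):
        problems.append(f"signature hash {cert['sig_hash']} is weaker than {pol['min_hash']}")
    return problems

def audit(certs, modes):
    pol = effective_policy(modes)
    return {c["label"]: check_cert(c, pol) for c in certs}

if __name__ == "__main__":
    for label, problems in audit(CERTS, ["FIPS-140-2", "NIST-800-131A"]).items():
        print(label, "OK" if not problems else "; ".join(problems))
```

A certificate flagged for key length here is one that would trigger DTCSSL506E once MODE NIST-800-131A is in effect.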
Tables 36 and 37, regarding SSLV2, SSLV3, and TLS Cipher Suite
values, will be updated to indicate whether a cipher suite is
associated with either cryptographic mode (or both). This will
provide an easier reference for determining whether the setting
of the MODE operand is compatible with local security policy.
The existing Table 38, which highlighted FIPS-compliant cipher
suites specifically, will be deleted.
The SSLADMIN QUERY command description on pages 554 and 555 will
be updated to display the new 'Cryptographic Mode details' field
of SSLADMIN QUERY STATUS DETAILS, which will appear as follows:
DTCSSL2430I Cryptographic Mode details:
Server    State:   Modes:
--------- -------- -----------------------------------------
<*ALL*>   Enabled  FIPS-140-2
<*ALL*>   Disabled NIST-800-131A
SSL00005  <*Data Not Available*>
SSL00004  <*Data Not Available*>
A description of the header fields will follow on page 556,
as follows:
The fields of the "Cryptographic Mode details" portion of this
response supply the following information:
Server   Identifies an SSL server name, or is the value
         <*ALL*>, which represents all SSL servers.
State    Indicates whether listed cryptographic modes
         are enabled for, or disabled from, use by an
         SSL server.
Modes    One or more cryptographic modes of operation,
         such as FIPS 140-2 or NIST SP 800-131A.
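For monitoring, the 'Cryptographic Mode details' response can be parsed to list the servers that do not report NIST-800-131A as enabled. This is an added example, not IBM code: the function names are hypothetical, the capture is constructed from the sample above, and it assumes one server per row with modes separated by blanks or commas.

```python
import re

# Added example, not IBM code. Constructed capture laid out like the APAR's sample.
SAMPLE = """\
DTCSSL2430I Cryptographic Mode details:
Server    State:   Modes:
--------- -------- -----------------------------------------
<*ALL*>   Enabled  FIPS-140-2
<*ALL*>   Disabled NIST-800-131A
SSL00005  <*Data Not Available*>
SSL00004  <*Data Not Available*>
"""

def parse_mode_details(text):
    """Map server -> {"Enabled": [...], "Disabled": [...]}, or None if no data."""
    servers, in_section = {}, False
    for line in text.splitlines():
        s = line.strip()
        if "DTCSSL2430I" in s:
            in_section = True
        elif in_section and re.match(r"DTC[A-Z]+\d+[A-Z]\b", s):
            break                                  # next message: section over
        elif not in_section or not s or s.startswith("Server") or set(s) <= set("- "):
            continue                               # header, rule or blank line
        else:
            name, _, rest = s.partition(" ")
            rest = rest.strip()
            if rest.startswith("<*"):              # <*Data Not Available*>
                servers.setdefault(name, None)
                continue
            state, _, modes = rest.partition(" ")
            entry = servers.get(name) or {"Enabled": [], "Disabled": []}
            entry.setdefault(state, []).extend(m for m in re.split(r"[,\s]+", modes) if m)
            servers[name] = entry
    return servers

def servers_without_mode(servers, mode="NIST-800-131A"):
    """Servers that do not report `mode` as Enabled, with the reason."""
    gaps = {}
    for name, entry in servers.items():
        if entry is None:
            gaps[name] = "mode data not available"
        elif mode in entry["Disabled"]:
            gaps[name] = f"{mode} reported Disabled"
        elif mode not in entry["Enabled"]:
            gaps[name] = f"{mode} not listed"
    return gaps

if __name__ == "__main__":
    print(servers_without_mode(parse_mode_details(SAMPLE)))
```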
In the same section, the SSLADMIN QUERY STATUS SUMMARY example
text will be updated to note a changed header field,
"Mode(s) Configured", which replaces a FIPS-specific indicator.
The z/VM 6.3 TCP/IP Messages and Codes manual (GC24-6237-03)
will be updated to provide the following new messages, under
'SSL Server Messages' in Chapter 17:
DTCSSL104I Operating in NIST SP 800-131a mode
Explanation: The SSL server has been started in NIST SP
800-131a compliant mode.
System action: Server operations continue.
System programmer response: None.
DTCSSL105I Not operating in NIST SP 800-131a mode
Explanation: The SSL server has not been started in
NIST SP 800-131a compliant mode.
System action: Server operations continue.
System programmer response: None.
DTCSSL506E Key exchange lengths less than 2048 are not
supported in NIST 800-131A mode
Explanation: For security reasons, RSA or DSA key exchange
lengths of less than 2048 bits are not permitted when
MODE NIST-800-131A is specified.
System action: Server operations continue. The subject
secure connection is terminated.
System programmer response: Obtain a new certificate from the
appropriate Certifying Authority (CA) to use in place of the
current certificate. Install the replacement certificate in
the key database and make any necessary configuration changes
(inclusive of an SSLADMIN REFRESH command, if appropriate).
Then, confirm that secure connections can be established with
the new certificate in place.
In the same section, messages DTCSSL101I and DTCSSL102I will
be updated to fix a documentation error, correcting the spelling
of "FIPS 104-2" to "FIPS 140-2".
The z/VM 6.3 TCP/IP Messages and Codes manual (GC24-6237-03)
will be updated to provide the following new messages, under
'SSLADMIN and VMSSL Messages' in Chapter 17:
DTCSSL2464W Only TLS V1.2 may be used in NIST
SP 800-131A mode. All other protocols
have been disabled.
Explanation: For security reasons, the SSL Server
disables SSLv2, SSLv3, TLS 1.0, and TLS 1.1 when
operating in NIST SP 800-131a mode. This is managed
internally by the SSL Server and cannot be overridden.
System action: None.
System programmer response: None.
DTCSSL2465W FIPS operand is deprecated; the
MODE operand should be used instead.
Explanation: The MODE operand replaces the FIPS
operand. This message is issued when the FIPS
operand is specified during initialization of the SSL
System action: None.
System programmer response: Specify MODE
FIPS-140-2 instead of FIPS on the VMSSL command or
in DTCPARMS.
MODULES/MACROS: DTCUME DTCUMEB QUERY SSLADMIN SSLADMIO
SSLADMNP SSLCIPHS SSLCTLIO SSLDSPTC SSLGSKCF SSLPARGS SSLREPRT
SSLSTART SSLTRSIT VMSSL
SRLS: SC24623804 GC24623703
RTN CODES:
CIRCUMVENTION:
MESSAGE TO SUBMITTER: