NIST 800-131A MODE SUPPORT FOR Z/VM SSL SERVER


 
 APAR Identifier ...... PM93363      Last Changed ........ 14/05/28
 
 Symptom ...... NF NEW FUNCTION      Status ........... CLOSED  UR1
 Severity ................... 4      Date Closed ......... 13/11/13
 Component .......... 5735FAL00      Duplicate of ........
 Reported Release ......... 630      Fixed Release ............ 999
 Component Name TCP/IP V2 FOR V      Special Notice
 Current Target Date ..              Flags
 SCP ...................
 Platform ............
 
 Status Detail: SHIPMENT - Packaged solution is available for
                           shipment.
 
 PE PTF List:
 
 PTF List:
 Release 630   : UI12490 available 13/11/13 (1401 )
 
 Parent APAR:
 Child APAR list:
 
 ERROR DESCRIPTION:
 The z/VM SSL Server does not currently have a mechanism to
 enforce an asymmetric key size minimum value of 2048.  This
 enforcement is a requisite for compliance to NIST Special
 Publication 800-131a.
 
 LOCAL FIX:
 
 PROBLEM SUMMARY:
 ****************************************************************
 * USERS AFFECTED: All users of the z/VM TCP/IP feature that    *
 *                 use the z/VM SSL Server.                     *
 ****************************************************************
 * PROBLEM DESCRIPTION:                                         *
 ****************************************************************
 * RECOMMENDATION: APPLY PTF                                    *
 ****************************************************************
 NIST Special Publication 800-131A is a newer standard for key
 use in cryptographic operations which mandates restrictions on
 the use of previously permissible key lengths. Specifically,
 lengths of asymmetric keys are required to be at least 2048 and
 a hash in the SHA-2 family is recommended by this standard.
 
 The z/VM SSL Server currently does not have an internal
 mechanism or option for restricting asymmetric key usage. The
 previously available 'FIPS' mode will only restrict keys less
 than 1024 in length, but this is not sufficient to meet newer
 standards.
 
 PROBLEM CONCLUSION:
 
 TEMPORARY FIX:
 
 COMMENTS:
 The z/VM SSL Server has been updated to accept a new operand
 'MODE' as part of its VMSSL or DTCPARMS start-up processing.
 This option accepts one of two keywords as parameters:
 'FIPS-140-2' (which replaces the existing 'FIPS' operand) and
 'NIST-800-131A'. This latter mode changes the operational
 behavior of the SSL Server as follows:
 
  1. All connections must use TLS 1.2. All other protocols
     are disabled.
  2. All asymmetric keys must be 2048 in length and either
     RSA or Diffie-Hellman.
  3. SHA-256 is the minimum required hash for a digital
     certificate.
 
 The SSLADMIN EXEC has been updated to reflect 'Cryptographic
 Modes' enabled and disabled via the SSLADMIN QUERY STATUS
 DETAILS command.
 
 The z/VM 6.3 TCP/IP Planning and Customization Guide
 (SC24-6238-04) will be updated as follows:
 
 1. The 'VMSSL Command' syntax diagram (page 532) will be updated
 to reflect the 'MODE' operand. On the following pages, the
 'Operands' list will be updated to describe the MODE operand in
 detail, as follows:
 
 MODE
   establishes a baseline of functionality for the entire SSL
   Server. The values that can be specified are:
 
   FIPS-140-2
    indicates that the SSL server should operate according to
    Federal Information Processing Standard (FIPS) 140-2. This
    mode allows only TLS protocols to be used, and restricts the
    usage of some cipher suites.
    Operand MODE FIPS-140-2 is equivalent to setting operand
    FIPS.
 
   NIST-800-131A
    indicates that the SSL server should operate according to
    NIST Special Publication 800-131a. This requires the use of
    TLS 1.2, restricts the usage of certain cipher suites, and
    mandates the use of RSA or Diffie Hellman keys of 2048 or
    greater for all secure connections.
 
  Note:
  * MODE can be specified multiple times to enable available
    standards of operation. In cases where multiple standards are
    enabled, the maximum common subset of functionality will be
    enabled.
  * MODE FIPS-140-2 is the preferred method of enabling
    FIPS-compliant behavior for the SSL server; it should replace
    the use of the FIPS operand.
  * If MODE NIST-800-131A is enabled, all protocols other than
    TLS 1.2 will be automatically disabled.  TLS 1.2 must still
    be enabled using the PROTOCOL operand.
  * Specifying MODE FIPS-140-2 requires that the SSL server be
    associated with a FIPS-compliant certificate database.
 
 Tables 36 and 37, regarding SSLV2, SSLV3, and TLS Cipher Suite
 values, will be updated to indicate whether a cipher suite is
 associated with either cryptographic mode (or both). This will
 provide an easier reference for determining whether the setting
 of the MODE operand is compatible with local security policy.
 The existing Table 38, which highlighted FIPS-compliant cipher
 suites specifically, will be deleted.
 
 The SSLADMIN QUERY command description on pages 554 and 555 will
 be updated to display the new 'Cryptographic Mode details' field
 of SSLADMIN QUERY STATUS DETAILS, which will appear as follows:
 
     DTCSSL2430I Cryptographic Mode details:
     Server    State:   Modes:
     --------- -------- -----------------------------------------
     <*ALL*>   Enabled  FIPS-140-2
     <*ALL*>   Disabled NIST-800-131A
     SSL00005 <*Data Not Available*>
     SSL00004 <*Data Not Available*>
 
 A description of the header fields will follow on page 556,
 as follows:
 
   The fields of the "Cryptographic Mode details" portion of this
   response supply the following information:
 
   Server   Identifies an SSL server name, or is the value
            <*ALL*>, which represents all SSL servers.
   State    Indicates whether listed cryptographic modes
            are enabled for, or disabled from, use by an
            SSL server.
   Modes    One or more cryptographic modes of operation,
            such as FIPS 140-2 or NIST SP 800-131A.
 
 In the same section, the SSLADMIN QUERY STATUS SUMMARY example
 text will be updated to note a changed header field,
 "Mode(s) Configured", which replaces a FIPS-specific indicator.
 
 The z/VM 6.3 TCP/IP Messages and Codes manual (GC24-6237-03)
 will be updated to provide the following new messages, under
 'SSL Server Messages' in Chapter 17:
 
   DTCSSL104I Operating in NIST SP 800-131a mode
   Explanation:  The SSL server has been started in NIST SP
   800-131a compliant mode.
   System action:  Server operations continue.
   System programmer response:  None.
 
   DTCSSL105I Not operating in NIST SP 800-131a mode
   Explanation:  The SSL server has not been started in
   NIST SP 800-131a compliant mode.
   System action:  Server operations continue.
   System programmer response:  None.
 
   DTCSSL506E Key exchange lengths less than 2048 are not
   supported in NIST 800-131A mode
 
   Explanation:  For security reasons, RSA or DSA key exchange
   lengths of less than 2048 bits are not permitted when
   MODE NIST-800-131A is specified.
 
   System action:  Server operations continue. The subject
   secure connection is terminated.
 
   System programmer response:  Obtain a new certificate from the
   appropriate Certifying Authority (CA) to use in place of the
   current certificate.  Install the replacement certificate in
   the key database and make any necessary configuration changes
   (inclusive of an SSLADMIN REFRESH command, if appropriate).
   Then, confirm that secure connections can be established with
   the new certificate in place.
 
 In the same section, messages DTCSSL101I and DTCSSL102I will
 be updated to fix a documentation error, correcting the spelling
 of "FIPS 104-2" to "FIPS 140-2".
 
 The z/VM 6.3 TCP/IP Messages and Codes manual (GC24-6237-03)
 will be updated to provide the following new messages, under
 'SSLADMIN and VMSSL Messages' in Chapter 17:
 
 DTCSSL2464W Only TLS V1.2 may be used in NIST
             SP 800-131A mode. All other protocols
             have been disabled.
 Explanation: For security reasons, the SSL Server
 disables SSLv2, SSLv3, TLS 1.0, and TLS 1.1 when
 operating in NIST SP 800-131a mode. This is managed
 internally by the SSL Server and cannot be overridden.
 System action: None.
 System programmer response: None.
 
 DTCSSL2465W FIPS operand is deprecated; the
 MODE operand should be used instead.
 Explanation: The MODE operand replaces the FIPS
 operand. This message is issued when the FIPS
 operand is specified during initialization of the SSL
 System action: None.
 System programmer response: Specify MODE
 FIPS-140-2 instead of FIPS on the VMSSL command or
 in DTCPARMS.
 
 MODULES/MACROS:   DTCUME   DTCUMEB  QUERY    SSLADMIN SSLADMIO
 SSLADMNP SSLCIPHS SSLCTLIO SSLDSPTC SSLGSKCF SSLPARGS SSLREPRT
 SSLSTART SSLTRSIT VMSSL
 
 SRLS:      SC24623804 GC24623703
 
 RTN CODES:
 
 CIRCUMVENTION:
 
 MESSAGE TO SUBMITTER: