TCP/IP for z/VM
Secure Socket Layer (SSL) Server
Configuration Information and Requirements
z/VM Level 610
The functional enhancements that follow are available for z/VM Version
6 Release 1.0 (610) only:
-
SSL Server Federal Information Processing Standard (FIPS) 140-2 Support.
The APARs that follow, in combination, provide this support:
-
PM10616:
SSL Server Federal Information Processing Standard (FIPS) 140-2 Support
-
PM08418:
Upgrade System SSL to Support FIPS
-
VM64751:
Upgrade CMS BINDER to Z/OS 1.11 Level
-
VM64805:
Add GET_LOADMOD_INFO function to CEEO1LOD
The first two APARs listed above are z/VM TCP/IP changes. The third APAR is a
change to CMS that requires a rebuild of the CMS nucleus and NSS, while the
fourth APAR is a change to z/VM Language Environment that requires a
rebuild of the LE DCSS.
Note:
APAR PM10616 is predicated on the updates associated with the
"SSL Server Performance and Scalability Enhancements,"
described below.
z/VM Level 610
z/VM Level 540
With z/VM Version 5 Release 4.0 (540), the SSL server is
implemented as a CMS-based server for which the key database is
maintained in the z/VM Byte File System (BFS), and which is managed via a
stand-alone utility program, gskkyman.
This same implementation is supplied at the base level with
z/VM Version 6 Release 1.0 (610).
-
SSL Server Performance and Scalability Enhancements
APARs that provide
SSL Server Performance and Scalability Enhancements
recently have closed.
Significant infrastructure changes, which affect the user ID, minidisk and
Shared File System (SFS) resources that comprise the z/VM 540 and 610 TCP/IP
z/VM operational environments are introduced with the APARs (listed below)
that provide this support:
-
PK97437:
SSLADMIN, TCPRUN and Related Packaging Changes
-
PK97438:
SSLSERV Module Updates
-
PK75662:
TCPIP Module Updates
The PTFs for the above-listed APARs are:
- Release 610 : UK59536
- Release 540 : UK59535
Note:
The above PTFs now are included on the respective RSUs for each level of
z/VM. Thus, applicaton of a current RSU will require system updatesto
accommodate the revised SSL server implemention, if SSL services are used
by an installation (and, if the listed PTFs previously have not been
applied to a system).
-
If you are using z/VM Version 5 Release 4.0 (540) or
z/VM Version 6 Release 1.0 (610), refer to
the Configuration Information and Requirements
for z/VM 540 for information about how to install and configure
the SSL server for your environment.
Notes:
-
Coincident with the change in implementation of the z/VM 540 SSL
server, the (Linux-only) vmsock module and its program source are no
longer provided with z/VM.
-
To migrate certificates (with private keys) from a 530 level
certificate database, to that used by the 540 level SSL server, the
PTF for APAR PK75661 must be
installed.
Detailed information for installing the updated RPMs provided by this PTF, and
instructions for migrating certfificates for use by a z/VM 540 (or later) SSL
server can be found at the TCP/IP for
z/VM 530 SSL Server: Certificate With Key Export Support page.
Should the need arise to migrate certfificates from a z/VM 520 level
certificate database, contact the IBM support center.
| | SSL Server - Service Updates |
Check the following links for detailed information about service
updates that are available for the z/VM SSL server, as well as for
information that can help with resolving several common SSL service
problems.
| | SSL Server - Documentation Updates / Supplements |
Check the following links for updated or supplementary SSL server
documentation, for topics such as certificate/ke database migration and using
test certificates.
| | Additional Linux Resources |
More information about Linux for S/390, its installation, and use
can be obtained through the following publications and links:
|
