Skip to main content

IBM Systems  >   z Systems  >   z/VM  >  

TCP/IP for z/VM
Secure Socket Layer (SSL) Server
Configuration Information and Requirements

z/VM Level 630

The functional enhancements that follow are available for z/VM Version 6 Release 3.0 (630) only:

z/VM Level 610

The functional enhancements that follow are available for z/VM Version 6 Release 1.0 (610) only:
  • SSL Server Federal Information Processing Standard (FIPS) 140-2 Support. The APARs that follow, in combination, provide this support:
    • PM10616: SSL Server Federal Information Processing Standard (FIPS) 140-2 Support
    • PM08418: Upgrade System SSL to Support FIPS
    • VM64751: Upgrade CMS BINDER to Z/OS 1.11 Level
    • VM64805: Add GET_LOADMOD_INFO function to CEEO1LOD

    The first two APARs listed above are z/VM TCP/IP changes. The third APAR is a change to CMS that requires a rebuild of the CMS nucleus and NSS, while the fourth APAR is a change to z/VM Language Environment that requires a rebuild of the LE DCSS.

    Note:
    APAR PM10616 is predicated on the updates associated with the "SSL Server Performance and Scalability Enhancements," described below.

z/VM Level 610
z/VM Level 540

With z/VM Version 5 Release 4.0 (540), the SSL server is implemented as a CMS-based server for which the key database is maintained in the z/VM Byte File System (BFS), and which is managed via a stand-alone utility program, gskkyman.

This same implementation is supplied at the base level with z/VM Version 6 Release 1.0 (610).

  • SSL Server Performance and Scalability Enhancements

    APARs that provide SSL Server Performance and Scalability Enhancements recently have closed. Significant infrastructure changes, which affect the user ID, minidisk and Shared File System (SFS) resources that comprise the z/VM 540 and 610 TCP/IP z/VM operational environments are introduced with the APARs (listed below) that provide this support:

    • PK97437: SSLADMIN, TCPRUN and Related Packaging Changes
    • PK97438: SSLSERV Module Updates
    • PK75662: TCPIP Module Updates

    The PTFs for the above-listed APARs are:

    • Release 610 : UK59536
    • Release 540 : UK59535
    Note:
    The above PTFs now are included on the respective RSUs for each level of z/VM. Thus, applicaton of a current RSU will require system updatesto accommodate the revised SSL server implemention, if SSL services are used by an installation (and, if the listed PTFs previously have not been applied to a system).

  • If you are using z/VM Version 5 Release 4.0 (540) or z/VM Version 6 Release 1.0 (610), refer to the Configuration Information and Requirements for z/VM 540 for information about how to install and configure the SSL server for your environment.

    Notes:

    • Coincident with the change in implementation of the z/VM 540 SSL server, the (Linux-only) vmsock module and its program source are no longer provided with z/VM.

   SSL Server - Service Updates

Check the following links for detailed information about service updates that are available for the z/VM SSL server, as well as for information that can help with resolving several common SSL service problems.

   SSL Server - Documentation Updates / Supplements

Check the following links for updated or supplementary SSL server documentation, for topics such as certificate/ke database migration and using test certificates.