About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
CRYPTO APVIRT SUPPORT FOR THE TLS/SSL SERVER AND LDAP/VM
APAR Identifier ...... PI72106 Last Changed ........ 17/03/29
CRYPTO APVIRT SUPPORT FOR THE TLS/SSL SERVER AND LDAP/VM
Symptom ...... NF NEWFUNCTION Status ........... CLOSED UR1
Severity ................... 4 Date Closed ......... 17/03/27
Component .......... 5735FAL00 Duplicate of ........
Reported Release ......... 640 Fixed Release ............ 999
Component Name TCP/IP V2 FOR V Special Notice
Current Target Date .. Flags
SCP ...................
Platform ............
Status Detail: SHIPMENT - Packaged solution is available for
shipment.
PE PTF List:
PTF List:
Release 640 : UI45923 available 17/03/29 (1000 )
Parent APAR:
Child APAR list:
ERROR DESCRIPTION:
This APAR implements new function in TCP/IP to provide
CRYPTO APVIRT support for the TLS/SSL Server and LDAP/VM.
LOCAL FIX:
PROBLEM SUMMARY:
****************************************************************
* USERS AFFECTED: All users of the TLS/SSL Server or the *
* LDAP/VM Server. *
****************************************************************
* PROBLEM DESCRIPTION: *
****************************************************************
* RECOMMENDATION: APPLY PTF *
****************************************************************
This APAR implements new function in TCP/IP to provide:
- CRYPTO APVIRT support for the TLS/SSL Server and LDAP/VM
PROBLEM CONCLUSION:
TEMPORARY FIX:
COMMENTS:
The System SSL V2.2 cryptographic library supporting z/VM V6.4
service virtual machines is updated to offload cryptographic
operations to Crypto Express hardware associated with your
z Systems or LinuxONE hardware. This provides support for
clear-key RSA operations.
To enable this support, insert the 'CRYPTO APVIRTUAL' statement
into the appropriate virtual machine directory entry. This
statement will grant the TLS/SSL Server access to shared crypto
domains associated with your z/VM partition. No other
configuration change is required.
Note:
* If configuring a stand-alone (single) SSLSERV virtual machine,
insert this statement directly into the SSLSERV directory entry.
* If configuring a pool of multiple SSL servers, insert this
statement into the appropriate PROFILE directory entry (such as
PROFILE TCPSSLU).
* If configuring LDAP/VM, insert this statement directly into
the LDAPSRV directory entry.
See the z/VM 6.4.0 TCP/IP books (dated March 2017) for
information on using these enhancements:
http://www.vm.ibm.com/library/
MODULES/MACROS:
GSKAPQQ GSKCMS31 GSKC31 GSKC31F ICSFLIB SSLGSKCF
SRLS:
SC246238XX
GC246095XX
RTN CODES:
CIRCUMVENTION:
MESSAGE TO SUBMITTER:
