z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)

EZD1910I

SC27-3655-01

FIPS140 support is enabled for the IKE daemon and no valid KeyExchangeOffers were found in KeyExchangeAction ( KEAname )

Explanation

This message is issued when the IKE daemon is enabled to support the Level 1 security requirements of Federal Information Processing Standard publication 140-2 (FIPS 140), and one or more KeyExchangeOffer objects were omitted from the specified KeyExchangeAction object. If the IKE daemon is enabled for FIPS 140, the daemon omits KeyExchangeOffer objects that use the DES, MD5, or AES_XCBC cryptographic algorithms, or Diffie-Hellman groups 1, 2, or 5 from any proposal it builds.

In the message text:
KEAname
The KeyExchangeAction name that is configured in the policy.

System action

The SA negotiation fails; the IKE daemon continues.

Operator response

Contact the system programmer.

System programmer response

If you want the IKE daemon to be enabled to support FIPS 140, ensure that at least one KeyExchangeOffer object exists in the specified KeyExchangeAction object that does not contain any of the following:
  • HowToEncrypt DES
  • HowToAuthMsgs MD5
  • HowToVerifyMsgs HMAC_MD5_96
  • HowToVerifyMsgs AES128_XCBC_96
  • PseudoRandomFunction HMAC_MD5
  • PseudoRandomFunction AES128_XCBC
  • DHGroup Group1, Group2, Group5

If you do not want to continue to have the IKE daemon enabled to support FIPS 140, then configure FIPS140 No on the IkeConfig statement in the IKED configuration file and restart the IKE daemon.

See the information about Policy Agent and policy applications in z/OS Communications Server: IP Configuration Reference for more information about configuring policy.
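
The check in the system programmer response can be run against a policy file before the IKE daemon loads it. The following Python is an added example, not IBM code and not part of the original message reference; it assumes KeyExchangeOffer blocks defined inline in brace-delimited form with one parameter per line and `#` comments, and the names KEA_Legacy and KEA_Mixed and the Group14 value are constructed.

```python
import re

# Settings the EZD1910I system programmer response lists as excluded under FIPS 140.
NON_FIPS = {
    "howtoencrypt": {"DES"},
    "howtoauthmsgs": {"MD5"},
    "howtoverifymsgs": {"HMAC_MD5_96", "AES128_XCBC_96"},
    "pseudorandomfunction": {"HMAC_MD5", "AES128_XCBC"},
    "dhgroup": {"GROUP1", "GROUP2", "GROUP5"},
}

def audit_offers(policy_text):
    """Map each KeyExchangeAction name to one list of excluded settings per inline offer."""
    results, action, offer = {}, None, None
    for raw in policy_text.splitlines():
        words = re.findall(r"[{}]|[^\s,{}]+", raw.split("#", 1)[0])
        key = words[0].lower() if words else ""
        if key == "keyexchangeaction" and action is None and len(words) > 1:
            action = words[1]
        elif key == "keyexchangeoffer" and action is not None and offer is None:
            offer = []  # stays empty if the offer has no excluded setting
            results.setdefault(action, []).append(offer)
        elif key == "}":  # closes the open offer, otherwise the enclosing action
            action, offer = (action, None) if offer is not None else (None, None)
        elif offer is not None:
            bad = NON_FIPS.get(key, set()) & {w.upper() for w in words[1:]}
            offer.extend(f"{words[0]} {value}" for value in sorted(bad))
    return results

def actions_without_valid_offer(policy_text):
    """Names of actions whose offers all carry an excluded setting (the EZD1910I condition)."""
    return [name for name, offers in audit_offers(policy_text).items() if all(offers)]

# Constructed sample; block syntax ('#' comments, one parameter per line) and names are assumed.
SAMPLE_POLICY = """
KeyExchangeAction KEA_Legacy {
  KeyExchangeOffer {
    HowToEncrypt DES
    DHGroup Group2
  }
}
KeyExchangeAction KEA_Mixed {
  KeyExchangeOffer {
    HowToAuthMsgs MD5
  }
  KeyExchangeOffer {
    DHGroup Group14
  }
}
"""
```

Calling `actions_without_valid_offer(SAMPLE_POLICY)` returns `['KEA_Legacy']`, the only action in the sample for which every offer would be omitted; `audit_offers` shows which setting excluded each offer.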

User response

Not applicable.

Problem determination

Not applicable.

Source

z/OS® Communications Server TCP/IP: IKE daemon

Module

config_adapter.cpp

Routing code

Not applicable.

Descriptor code

Not applicable.

Automation

Not applicable.

Example

EZD1910I FIPS140 support is enabled for the IKE daemon and no valid  KeyExchangeOffers were found 
         in KeyExchangeAction ( TCS4_Vipa81-TCS7_Vipa81 )


Copyright IBM Corporation 1990, 2014