Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
EZD1910I z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01 |
|
EZD1910I FIPS140 support is enabled for the IKE daemon and no valid
KeyExchangeOffers were found in KeyExchangeAction ( KEAname ) ExplanationThis message is issued when the IKE daemon is enabled to support the Level 1 security requirements of Federal Information Processing Standard publication 140-2 (FIPS 140), and one or more KeyExchangeOffer objects were omitted from the specified KeyExchangeAction object. If the IKE daemon is enabled for FIPS 140, the daemon omits KeyExchangeOffer objects that use the DES, MD5, or AES_XCBC cryptographic algorithms, or Diffie-Hellman groups 1, 2, or 5 from any proposal it builds. In the message text:
System actionThe SA negotiation fails; the IKE daemon continues. Operator responseContact the system programmer. System programmer responseIf you want the IKE daemon to be
enabled to support FIPS 140, ensure that at least one KeyExchangeOffer
object exists in the specified KeyExchangeAction object that does
not contain any of the following:
If you do not want to continue to have the IKE daemon enabled to support FIPS 140, then configure FIPS140 No on the IkeConfig statement in the IKED configuration file and restart the IKE daemon. See the information about Policy Agent and policy applications in z/OS Communications Server: IP Configuration Reference for more information about configuring policy. User responseNot applicable. Problem determinationNot applicable. Sourcez/OS® Communications Server TCP/IP: IKE daemon Moduleconfig_adapter.cpp Routing codeNot applicable. Descriptor codeNot applicable. AutomationNot applicable. Example
|
Copyright IBM Corporation 1990, 2014
|