Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
EZD1918I z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01 |
|
EZD1918I A cryptographic key in use is too short for the chosen Auth
or PRF algorithm when FIPS140 is enabled: key length keylen bytes,
minimum required minlen bytes ExplanationWhen Federal Information Processing Standard publication 140 (FIPS 140) support is enabled for the IKE daemon, all of the cryptographic keys that are used by the chosen authentication (Auth) or pseudo random function (PRF) algorithm must be at least half the length of the PRF digest size. These cryptographic keys can be the configured pre-shared key that is used for IKE authentication, or, if you are using Internet Key Exchange version 2 (IKEv2), they can be the keys that are used by the IKE daemon to internally generate keying material for a prior IKE SA. In the message text:
System actionIKED phase 1 tunnel negotiation fails. IKE daemon processing continues. Operator responseContact the system programmer. System programmer responseExamine the surrounding IKED messages
in the syslogd log file to determine which tunnel is affected. The
following criteria apply when FIPS 140 support is enabled for the
IKE daemon:
See FIPS 140 and IP security in z/OS Communications Server: IP Configuration Guide for information about FIPS 140 support in your environment. User responseNot applicable. Problem determinationNone. Sourcez/OS® Communications Server TCP/IP: IKE daemon Moduleicsf_hmac.cpp, IKEv2IKESAKEP.cpp Routing codeNot applicable. Descriptor codeNot applicable. AutomationNot applicable. Example
|
Copyright IBM Corporation 1990, 2014
|