Security in z/VSE enhanced - openSSL and IPv6/VSE upgraded
Ingolf24 120000DRN3 Visits (5360)
Besides the SSL implementation available since some z/VSE releases z/VSE 5.1 provides openSSL for secured SSL communication in addition. The IPv6/VSE product from Barnard Software, Inc (BSI) was the first exploiter of OpenSSL. IPv6/VSE can be licensed from BSI or IBM.
openSSL is an open source project that provides an SSL implementation and key management utilities. z/VSE implemented a subset of the openSSL functionality. openSSL is provided as part of the VSE cryptoServices.
Just before year end 2013 we enhanced the z/VSE Secure Socket Layer (SSL) security through an upgrade of openSSL and one of the exploiters of openSSL - IPv6/VSE.
z/VSE now upgraded to the openSSL 1.0.1e level. This new openSSL level also enhances the Transport Layer Securiy (TLS). It provides support for TLS 1.2, which is currently the newest SSL protocol version.
The openSSL 1.0.1e upgrade is available through APAR DY47499.
Support for TLS 1.2 in IPv6/VSE is available with APAR PM98875, which prereqs APAR DY47499.
You can find more infomation on openSSL, TLS and IPv6/VSE in the IBM Redbook "Enhanced Networkiing on IBM z/VSE" draft, which is close to be finalized. The download page is here.
Those security enhancements will also be addressed in the upcoming Live Virtual Class (LVC) on January 22. See my blog entries from December 5 and yesterday. Details on that LVC is here.
Have a good weekend.