Distribution-specific information
Common Cryptographic Architecture for Linux® on IBM Z® provides support for the CEX8S feature since Release 8.0. In order to use the full set of CCA Release 8.1, a Linux distribution with support for the CEX8S feature is required.
Such a distribution must include a kernel patch denoted with the label s390/AP: support new dynamic AP bus size limit. This patch may be part of the default installation, or you can obtain it with an update to the kernel (denoted in the subsequent list as: with patch included).
For the most current distribution-specific information about CCA 8.1, refer to the Release Notes from the CEX8S/4770 Linux on IBM Z Code Download pages. The contained information may be more up-to-date than this publication. To access these sites, you must obtain and log in with an IBM ID.
CCA 8.2 is supported on the following distributions providing CEX8C functionality:
- Red Hat Enterprise Linux 7.9 with patch included
- Red Hat Enterprise Linux 8.10
- Red Hat Enterprise Linux 9.3
- SUSE Linux Enterprise Server 12 SP5 with patch included
- SUSE Linux Enterprise Server 15 SP5
- Ubuntu 24.04 LTS.
To exploit the full functionality of CCA 8.2 on a CEX8S, you need an IBM® z16™ with the CCA host library 8.2 and a CEX8S installed and configured as CEX8C.
Distribution level for a TKE - TLS connection
With CCA 8.0, the ability to connect to the TKE via a TLS connection is introduced, while keeping the legacy TCP connection as a possibility. The TCP connection will work on any distribution. The TLS connection requires the installation of OpenSSL 1.1 or newer. This means that the TLS connection specifically is only supported on:
- Red Hat Enterprise Linux 8.4 and newer
- Red Hat Enterprise Linux 9.0 and newer
- SUSE Linux Enterprise Server 12 SP5 and newer
- SUSE Linux Enterprise Server 15 SP3 and newer
- Ubuntu 20.04 LTS and newer
- Ubuntu 22.04 LTS and newer