About this document
This publication addresses an audience who wants to get information about how OpenSSL exploits cryptographic hardware on Linux on IBM Z and IBM LinuxONE systems.
Programmers who want to write cryptographic applications using OpenSSL while running on Linux on IBM Z and IBM LinuxONE systems can find decision aids for the application design. It also addresses system administrators who want to configure OpenSSL to take advantage of IBM Z and LinuxONE cryptographic hardware support.
You learn how OpenSSL can benefit from the performance acceleration and high security of IBM Z® cryptographic hardware either out of the box or with further configuration applied according to your needs.
Users of OpenSSL can select from the following options:
- Without any configuration steps, OpenSSL implicitly exploits IBM Z specific features by a built-in use of CPACF.
- You can explicitly configure OpenSSL to invoke either the IBMCA engine or the IBMCA provider, in order to use IBM Z hardware acceleration with cryptographic adapters for the supported algorithms.
Tip: If you are new to OpenSSL, you find introductory information in What is OpenSSL. Otherwise you find a
navigation aid to the information that is adequate to your requirements in Quick decision: OpenSSL on IBM Z and LinuxONE out of the box or with customized extensions.