Security guide

Detailed information, example code, and ancillary files related to the security components in the IBM® Semeru Runtime Certified Edition for z/OS®, 11. This documentation covers IBM-specific features of IBM's offerings.

The security components and utilities that are described here are shipped with the IBM Semeru Runtime Certified Edition for z/OS. The security components contain the IBM implementation of various security algorithms and mechanisms.

Default security providers

In addition to the default Oracle security providers, the SDK also includes the following security providers:

OpenJCEPlus security provider
The OpenJCEPlus cryptographic provider is intended to supersede the IBMJCE provider that existed in version 8. The newer provider has similar functions to its older equivalent while also providing the following features: support for newer algorithms (some of which are required for TLS 1.3), additional hardware-accelerated cryptographic capabilities (where supported), and performance enhancements.
IBMZSecurity provider
The IBMZSecurity provider is used to provide the JCERACFKS keystore implementation that was provided by the IBMJCE provider in version 8. Start of changes for 11.0.17.0The provider is added to the default security provider list, so it is enabled by default.End of changes for 11.0.17.0 In releases before 11.0.17.0, the IBMZSecurity provider is not enabled by default; to use it you must enable it as described in Enabling the IBMZSecurity provider.
The full list can be found in the JAVA_HOME/conf/security/java.security file, as shown in the following example:

security.provider.1=OpenJCEPlus
Start of changes for 11.0.17.0security.provider.2=IBMZSecurityEnd of changes for 11.0.17.0
security.provider.3=SUN
security.provider.4=SunRsaSign
security.provider.5=SunEC
security.provider.6=SunJSSE
security.provider.7=SunJCE
security.provider.8=SunJGSS
security.provider.9=SunSASL
security.provider.10=XMLDSig
security.provider.11=SunPCSC
security.provider.12=JdkLDAP
security.provider.13=JdkSASL
security.provider.14=SunPKCS11