Transport Layer Security - TLSv1.2
Currently, TLSv1.2 is the newest SSL protocol version supported by OpenSSH on z/VSE. It introduces new SSL/TLS cipher suites that use the SHA-256 hash algorithm instead of the SHA-1 function, which significantly strengthens data integrity protection.
The following SSL cipher suites and their related hexadecimal values are available:
- 3C AES128-SHA256
- 3D AES256-SHA256
z/VSE needs TLSv1.2 for the following reasons:
- The NIST Special Publication 800-131A, dated January 2011, states that the use of the SHA-1 hash function is not allowed after December 31, 2013, except for non-digital signature applications.
- The IBM global security policy requires all IBM products to comply with NIST Special Publication 800-131.
For more information and examples of how to set up and use TLSv1.2 with the IPv6/VSE product, refer to the IBM Redbook "Enhanced Networking on IBM z/VSE".
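To check which of the two suites listed above a client actually offers, the following added example (not taken from the IBM documentation) parses a TLS ClientHello record and reports the SHA-256 suites 3C and 3D alongside any SHA-1 based suites. The function names, the two SHA-1 code points used for contrast, and the sample record are assumptions constructed for illustration.

```python
import struct

# Code points from the page (3C, 3D); the two SHA-1 suites are added for contrast.
SHA256_SUITES = {0x003C: "AES128-SHA256", 0x003D: "AES256-SHA256"}
SHA1_SUITES = {0x002F: "AES128-SHA", 0x0035: "AES256-SHA"}

def offered_suites(record: bytes) -> list:
    """Return the cipher suite code points offered in one TLS ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + body_len]
    if rec_len != body_len + 4 or len(body) != body_len:
        raise ValueError("truncated or fragmented ClientHello")
    try:
        pos = 2 + 32                  # skip client_version and random
        pos += 1 + body[pos]          # skip session_id
        (n,) = struct.unpack("!H", body[pos:pos + 2])
    except (IndexError, struct.error):
        raise ValueError("malformed ClientHello") from None
    pos += 2
    if n % 2 or pos + n > len(body):
        raise ValueError("bad cipher_suites length")
    return [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + n, 2)]

def classify(record: bytes) -> dict:
    """Split the offer into the page's SHA-256 suites and SHA-1 based suites."""
    suites = offered_suites(record)
    return {"sha256": [SHA256_SUITES[s] for s in suites if s in SHA256_SUITES],
            "sha1": [SHA1_SUITES[s] for s in suites if s in SHA1_SUITES]}

def build_client_hello(suites) -> bytes:
    """Construct a minimal ClientHello (no extensions) as sample input."""
    body = b"\x03\x03" + bytes(32) + b"\x00"   # TLS 1.2, zero random, empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                          # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

SAMPLE = build_client_hello([0x003D, 0x003C, 0x002F])  # constructed, not captured traffic

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A client whose result has an empty "sha256" list offers neither of the two TLSv1.2 suites named on this page.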