Transport Layer Security - TLSv1.2

Currently TLSv1.2 is the newest SSL protocol version supported by OpenSSH on z/VSE. It introduces new SSL/TLS cipher suites that use the SHA-256 hash algorithm instead of the SHA-1 function, which adds significant strength to the data integrity.

For more information about TLSv1.2, see the Internet Engineering Task Force website:
The following SSL cipher suites and their related hexadecimal values are available:
3C  AES128-SHA256 
3D  AES256-SHA256
z/VSE needs TLSv1.2 for the following reasons:
  • The NIST Special Publication 800-131A, dated January 2011, states that the use of the SHA-1 hash function is not allowed after December 31, 2013, except for non-digital signature applications.
  • The IBM global security policy enforces all IBM products to be compliant with NIST Special Publication 800-131.

For more information and examples of how to set up and use TLSv1.2 with the IPv6/VSE product, refer to IBM Redbook "Enhanced Networking on IBM z/VSE".