IBM Support

PI99184: Z/VM TLS/SSL SERVER ELLIPTIC CURVE (ECC) SUPPORT

A fix is available

APAR status

  • Closed as new function.

Error description

  • The z/VM TLS/SSL server will strengthen encryption through the
    enablement of Elliptic Curve Cryptography (ECC) cipher suites.
    Elliptic Curve Cryptography provides a faster, more secure
    mechanism for asymmetric encryption than standard RSA or DSS
    algorithms.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users interested in using elliptic       *
    *                 curve ciphers to protect TLS communication.  *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION: APPLY PTF                                    *
    ****************************************************************
    z/VM TCP/IP Elliptic Curve Cryptography (ECC) Cipher Suite
    Support for Transport Layer Security (TLS)
    
    Enables support for the new cryptographic algorithms previously
    added for use by System SSL through the gskkyman interface.
    These new cryptographic algorithms provide stronger
    ciphers for the TLS/SSL server, which includes support for
    ECDH and ECDHE for key agreement.
    
    ECC ciphers have been enabled by default for use by TLS/SSL.
    Table 39 in the z/VM TCPIP Planning and Customization has been
    updated to indicate the ciphers enabled by protocol and mode.
    To use this support, an ECC certificate must be created
    in the gskkyman database and specified for use on a secure
    connection.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PI99184

  • Reported component name

    TCP/IP FOR Z/VM

  • Reported component ID

    5735FAL00

  • Reported release

    710

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    YesSpecatt / New Function / Xsystem

  • Submitted date

    2018-06-14

  • Closed date

    2018-12-06

  • Last modified date

    2019-03-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UI60128

Modules/Macros

  • CMCOMM   CMNETST  MSNETSTA NETSTAT  QUERY    SCEXIT   SSLADMIN
    SSLADMIO SSLADMNP SSLCACHE SSLCIPHS SSLCTLIO SSLDPUMP SSLDSPTC
    SSLGSKCF SSLMNTOR SSLPARGS SSLREPRT SSLSCBEX SSLSTART SSLTOOLS
    SSLTRACE SSLTRSIT TCMIB    TCPARSE  TCPIP    TCUTIL   TNCOPY
    TNSTIN   TNSTMAS  TNTOTCP  VMSSL
    

Publications Referenced
  • GC24629401 SC24630101 SC24633301 SC24633201 SC24633101

Fix information

  • Fixed component name

    TCP/IP FOR Z/VM

  • Fixed component ID

    5735FAL00

Applicable component levels

  • R710 PSY UI60128

       UP18/12/13 P 1901  

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

Document Information

Modified date:
22 March 2019