Transport Layer Security - TLSv1.2
Currently, TLSv1.2 is the newest SSL protocol version supported by OpenSSH on z/VSE. It introduces new SSL/TLS cipher suites that use the SHA-256 hash algorithm instead of the SHA-1 function, which significantly strengthens data integrity.
For more information about TLSv1.2, see the Internet Engineering Task Force website: http://tools.ietf.org/html/rfc5246
The following SSL cipher suites and their related hexadecimal values are available:
- 3C AES128-SHA256
- 3D AES256-SHA256
z/VSE needs TLSv1.2 for the following reasons:
- The NIST Special Publication 800-131A, dated January 2011, states that the use of the SHA-1 hash function is not allowed after December 31, 2013, except for non-digital signature applications.
- The IBM global security policy requires all IBM products to be compliant with NIST Special Publication 800-131.
For more information and examples of how to set up and use TLSv1.2 with the IPv6/VSE product, refer to the IBM Redbook "Enhanced Networking on IBM z/VSE".
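To check which of the cipher suites listed above a client actually offers, the following added example (not part of the IBM documentation) parses the cipher suite list from a TLS ClientHello record and sorts the codes into the two SHA-256 suites from this page, their SHA-1 counterparts, and everything else. The function names, the SHA-1 table and the sample record are assumptions constructed for illustration.

```python
import struct

# Hex values and names as listed on this page (the high byte on the wire is 0x00).
PAGE_SUITES = {0x003C: "AES128-SHA256", 0x003D: "AES256-SHA256"}
# Not from the page: SHA-1 counterparts of the same suites, for contrast.
SHA1_SUITES = {0x002F: "AES128-SHA", 0x0035: "AES256-SHA"}

def offered_suites(record):
    """Return the cipher suite codes offered in one TLS ClientHello record."""
    if len(record) < 5:
        raise ValueError("short record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len or rec_len < 4 or body[0] != 0x01:
        raise ValueError("not a complete ClientHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 2 + 32                      # skip client_version and random
    if pos >= len(hello):
        raise ValueError("truncated ClientHello")
    pos += 1 + hello[pos]             # skip session_id
    if pos + 2 > len(hello):
        raise ValueError("truncated ClientHello")
    n = int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    if n % 2 or pos + n > len(hello):
        raise ValueError("bad cipher_suites length")
    return [int.from_bytes(hello[pos + i:pos + i + 2], "big") for i in range(0, n, 2)]

def classify(record):
    """Group offered suites by the hash used for record integrity."""
    report = {"sha256": [], "sha1": [], "other": []}
    for code in offered_suites(record):
        if code in PAGE_SUITES:
            report["sha256"].append(PAGE_SUITES[code])
        elif code in SHA1_SUITES:
            report["sha1"].append(SHA1_SUITES[code])
        else:
            report["other"].append(f"0x{code:04X}")
    return report

def build_hello(suites):
    """Construct a minimal TLSv1.2 ClientHello record (sample input only)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"          # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                               # null compression only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

# Constructed sample: both page suites, one SHA-1 suite, and the renegotiation SCSV.
SAMPLE = build_hello([0x003D, 0x003C, 0x0035, 0x00FF])
if __name__ == "__main__":
    print(classify(SAMPLE))
```

A non-empty "sha1" list means the client still offers suites that rely on SHA-1 for message integrity.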