Transport Layer Security - TLSv1.2

Currently, TLSv1.2 is the newest SSL protocol version supported by OpenSSH on z/VSE. It introduces new SSL/TLS cipher suites that use the SHA-256 hash algorithm instead of SHA-1, which significantly strengthens data integrity protection.

For more information about TLSv1.2, see the Internet Engineering Task Force website:
http://tools.ietf.org/html/rfc5246

The following SSL cipher suites and their related hexadecimal values are available:
  • 3C  AES128-SHA256
  • 3D  AES256-SHA256

z/VSE needs TLSv1.2 for the following reasons:
  • NIST Special Publication 800-131A, dated January 2011, states that the use of the SHA-1 hash function is not allowed after December 31, 2013, except for non-digital signature applications.
  • The IBM global security policy requires all IBM products to comply with NIST Special Publication 800-131.

For more information and examples of how to set up and use TLSv1.2 with the IPv6/VSE product, refer to the IBM Redbook "Enhanced Networking on IBM z/VSE".
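
On the wire, each cipher suite is a two-byte identifier, so the values 3C and 3D listed above appear as 0x003C and 0x003D in the ClientHello cipher_suites list defined in RFC 5246. The following is an added example, not part of the IBM documentation: it parses a ClientHello record and reports whether the client offers TLSv1.2 and which SHA-256 or SHA-1 suites it lists. The function names, the two SHA-1 suites shown for contrast (AES128-SHA, AES256-SHA) and the constructed sample record are assumptions made for illustration.

```python
import struct

# Two-byte suite ids -> (OpenSSL name, MAC hash). 0x003C/0x003D are the page's
# 3C/3D; the two SHA-1 suites are added for contrast and are not from the page.
SUITES = {
    0x003C: ("AES128-SHA256", "SHA-256"),
    0x003D: ("AES256-SHA256", "SHA-256"),
    0x002F: ("AES128-SHA", "SHA-1"),
    0x0035: ("AES256-SHA", "SHA-1"),
}

def parse_client_hello(record: bytes):
    """Return (client_version, [suite ids]) from one TLS ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(body) < 39 or body[0] != 0x01:
        raise ValueError("truncated or not a ClientHello")
    version = (body[4], body[5])
    pos = 4 + 2 + 32                 # handshake header, client_version, random
    pos += 1 + body[pos]             # skip session_id (1-byte length prefix)
    if pos + 2 > len(body):
        raise ValueError("truncated before cipher_suites")
    (n,) = struct.unpack("!H", body[pos:pos + 2])
    raw = body[pos + 2:pos + 2 + n]
    if n % 2 or len(raw) != n:
        raise ValueError("malformed cipher_suites vector")
    return version, [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def audit(record: bytes):
    """Report whether the hello is TLSv1.2 and which known suites it offers."""
    version, ids = parse_client_hello(record)
    by_hash = {"SHA-256": [], "SHA-1": []}
    for sid in ids:
        if sid in SUITES:
            name, mac = SUITES[sid]
            by_hash[mac].append(name)
    return {"tls12": version == (3, 3), "sha256": by_hash["SHA-256"],
            "sha1": by_hash["SHA-1"]}

def build_sample(ids, version=b"\x03\x03"):
    """Construct a minimal ClientHello record (test data, zeroed random)."""
    hello = (version + bytes(32) + b"\x00" + struct.pack("!H", 2 * len(ids))
             + b"".join(struct.pack("!H", i) for i in ids) + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(audit(build_sample([0x003C, 0x003D, 0x002F])))
```

A client that is compliant with the SHA-1 restriction described above should produce an empty `sha1` list and a non-empty `sha256` list.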