IBM Support

SE72262 - OSP-COMM SYSTEM TLS CURVE25519 AND CURVE448 SUPPORT

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 APAR (Authorized Program Analysis Report)

Abstract

OSP-COMM SYSTEM TLS CURVE25519 AND CURVE448 SUPPORT

Error Description

IBM i System Transport Layer Security has been enhanced to keep
up with the emerging industry standard for TLSv1.3 and to      
enhance the support for TLSv1.2.                                
                                                               
The native IBM i JSSE provider has been enhanced to include    
support for Transport Layer Security version 1.3 (TLSv1.3)      
protocol                                                        
TLSv1.3 has been enhanced to support elliptic curve            
Diffie-Hellman key exchange using Curve25519(x25519) and        
Curve448(448)                                                  
TLSv1.2 has been enhanced to support ChaCha20 Poly1305 cipher  
suites                                                          
Online Certificate Status Protocol (OCSP) stapling support has  
been added to TLSv1.3 and TLSv1.2                              
RSASSA-PSS certificate type has been added to TLSv1.3          

Problem Summary

System TLS needs to support Curve25519(x25519) and              
Curve448(x448) elliptic curves.                                

Problem Conclusion

System TLS added named curves x25519 and x448 to both the      
supported and default lists of supported groups.  TLSCONFIG    
supportedNamedCurve and defaultNamedCurve options can be used to
remove curves from each list.                                  

Temporary Fix

Comments

Circumvention


PTFs Available

R740 SI71366  0121

Affected Modules


         
         

Affected Publications

Summary Information

Status............................................CLOSED PER
HIPER...........................................No
Component..................................5770SS100
Failing Module..........................RCHMGR
Reported Release...................R740
Duplicate Of..............................




IBM i Support

IBM disclaims all warranties, whether express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright © 1996,1997,1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 IBM Corporation. Any trademarks and product or brand names referenced in this document are the property of their respective owners. Consult the Terms of use link for trademark information

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.1.0"},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG15Q","label":"APARs - OS\/400 General"},"Component":"","ARM Category":[],"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"V7R4M0","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
15 May 2020