Module Name
IBM® z/OS® Version 1 Release 10 System SSL Cryptographic Module
Historical Reason
RNG SP800-131A Revision 1 Transition
Caveat
When operated in FIPS mode
Security Level Exceptions
- Cryptographic Module Specification: Level 3
- Tested as meeting Level 1 with IBM System z10™ Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, Crypto Express2 Card (Coprocessor (CEX2C))
- Crypto Express2 Card (Accelerator (CEX2A)) and Crypto Express2 Cards (Coprocessor (CEX2C) and Accelerator (CEX2A))] [IBM System z10™ Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 76 and z/OS® V1R10] (single-user mode)
Module Type
Software-Hybrid
Embodiment
Multi-chip standalone
Description
System SSL is a set of generic services provided in z/OS® to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS® to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS® to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions.
Approved Algorithms
AES |
Certs. #976, #1106, and #1107 |
DSA |
Certs. #355 and #356 |
HMAC |
Certs. #618 and #619 |
RNG |
Certs. #614 and #615 |
RSA |
Certs. #517, #518, #519, #520, and #521 |
SHS |
Certs. #946, #1029, and #1030 |
Triple-DES |
Certs. #769, #804, and #805 |
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2.
Hardware Versions
FC3863 w/System Driver Level 76, CEX2A and CEX2C [CEX2A and CEX2C are separately configured versions of 4764-001 (P/Ns 12R6536, 12R8241, 12R8561 or 41U0438)]
Software Versions
APAR OA26457 and APAR OA26109
Firmware Versions
4764-001(2096a16d) or 4764-001(c16f4102)