U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #1492


Module Name
IBM® z/OS® Version 1 Release 11 System SSL Cryptographic Module
FIPS 140-2
 Historical Reason
RNG SP800-131A Revision 1 Transition
Validation Dates
Overall Level
When operated in FIPS mode
Security Level Exceptions
  • Cryptographic Module Specification: Level 3
Module Type
Multi-chip standalone
System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions.
Tested Configuration(s)
  • Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM System z10(TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 77 and z/OS® V1R11] (single-user mode)
  • IBM System z10(TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, optional Crypto Express3 Card (Coprocessor (CEX3C))
FIPS Algorithms
AES Certs. #976, #1418 and #1419
DSA Certs. #458 and #459
HMAC Certs. #836 and #837
RNG Certs. #775 and #776
RSA Certs. #691, #692, #693, #694 and #695
SHS Certs. #946, #1286 and #1287
Triple-DES Certs. #769, #968 and #969
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2
Hardware Versions
FC3863 w/System Driver Level 77 and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]
Software Versions
System SSL level HCPT3B0/JCPT3B1 with APAR OA31595, RACF level HRF7760 with APAR OA30951 and ICSF level HCR7770 with APAR OA32012
Firmware Versions
4765-001 (e1ced7a0)


IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601

William F Penny
Phone: 845-435-3010


NVLAP Code: 200658-0