ibm® z/os® version 2 release 2 system ssl cryptographic …...z/os version 2 release 2 system ssl...
TRANSCRIPT
z/OSVersion2Release2SystemSSLSecurityPolicy
Page1of27
IBM®z/OS®Version2Release2SystemSSLCryptographicModule
FIPS140-2
Non-ProprietarySecurityPolicy
PolicyVersionv1.2
IBMSystems&TechnologyGroupSystemzDevelopmentPoughkeepsie,NewYork
November2nd,2017
©CopyrightInternationalBusinessMachinesCorporation2017Thisdocumentmaybereproducedonlyinitsoriginalentiretywithoutrevision.
z/OSVersion2Release2SystemSSLSecurityPolicy
Page2of27
TableofContents1. SCOPEOFDOCUMENT............................................................................................................................................................32. CRYPTOGRAPHICMODULESPECIFICATION.............................................................................................................................33. CRYPTOGRAPHICMODULESECURITYLEVEL...........................................................................................................................54. PORTSANDINTERFACES.........................................................................................................................................................65. ROLES,SERVICESANDAUTHENTICATION...............................................................................................................................7
5.1 ROLES.......................................................................................................................................................................................75.2 SERVICES...................................................................................................................................................................................7
6. OPERATIONALENVIRONMENT.............................................................................................................................................137. KEYMANAGEMENT..............................................................................................................................................................168. PHYSICALSECURITY..............................................................................................................................................................189. EMI/EMC..............................................................................................................................................................................2010. SELF-TESTS.......................................................................................................................................................................20
10.1 SYSTEMSSLMODULE................................................................................................................................................................2011. OPERATIONALREQUIREMENTS(OFFICER/USERGUIDANCE)............................................................................................21
11.1 MODULECONFIGURATIONFORFIPS140-2COMPLIANCE................................................................................................................2111.2 DETERMININGMODEOFOPERATION............................................................................................................................................2211.3 TESTING/PHYSICALSECURITYINSPECTIONRECOMMENDATIONS.........................................................................................................23
12. MITIGATIONOFOTHERATTACKS.....................................................................................................................................2313. CRYPTOGRAPHICMODULECONFIGURATIONDIAGRAMS.................................................................................................2314. GLOSSARY........................................................................................................................................................................2515. REFERENCES.....................................................................................................................................................................2616. TRADEMARKS..................................................................................................................................................................26
z/OSVersion2Release2SystemSSLSecurityPolicy
Page3of27
1. ScopeofDocumentThisdocumentdescribestheservicesthatthez/OSSystemSSLcryptographicmodule(“SystemSSLmodule”or“module”)providestosecurityofficersandendusers,andthepolicygoverningaccesstothoseservicesbythez/OSSystemSSLelement.Itcomplementsofficialz/OSSystemSSLelementdocumentation,whichconcentratesonapplicationprogramminginterface(API)levelusageandenvironmentalsetup[1].
Thez/OSSystemSSLcryptographicmoduleprovidescryptographicfunctionality,ASN.1processing,x.509certificate,PKCS#7anddataconversionfunctionalityforusebytheSystemSSLelementofz/OS(hereafterreferredtoas“SystemSSLelement”).Thez/OSSystemSSLcryptographicmoduleinitsFIPS140-2configurationconsistsofasinglesharedlibrary(DLL).Thesharedlibrarybinaryiseithera31or64-bitversion.Thedeployedversionconsistsofthefollowingmodules:
Table1:SystemSSLLibraryModules
31-bit 64-bitGSKC31F GSKC64F
Thez/OSSystemSSLcryptographicmoduleispackagedwithintheSystemSSLelementofz/OS.TheSystemSSLelementcontainsexternalapplicationprogramminginterfaces(APIs)whichallowshostapplicationstoutilizefunctionalitywithintheSystemSSLelementandthez/OSSystemSSLcryptographicmodule.Communicationtothez/OSSystemSSLcryptographicmoduleisthroughC-languageapplicationsprogramminginterfaces(APIs)knownonlytotheSystemSSLelement’sDLLsandexecutables.TheseDLLsandexecutablesarenotpartofthecryptographicmodule.AllinterfacestotheSystemSSLmodulearethroughtheSystemSSLelement.Thez/OSSystemSSLcryptographicmoduledoesnotimplementtheTLSprotocol.Itprovidesthecryptographicprimitives(ie.KeyDerivationFunction(KDF))andfunctionstoallowtheSystemSSLelementtosupportTLS.
2. CryptographicModuleSpecificationThez/OSSystemSSLcryptographicmoduleisclassifiedasamulti-chipstandalonesoftware-hybridmoduleforFIPSPub140-2purposes.TheactualcryptographicboundaryforthisFIPS140-2modulevalidationincludestheSystemSSLmodulerunninginconfigurationssupplementedbyhardwarecryptography.TheSystemSSLmoduleconsistsofsoftware-basedcryptographicalgorithms,aswellassymmetricandhashingalgorithmsprovidedbytheCPAssistforCryptographicFunction(CPACF).TheSystemSSLmoduleusesthez/OSVersion2Release2SecurityServerRACFSignatureVerification(hereafterreferredtoas“IRRPVERS”)withFIPS140-2Validation#2691formoduleintegritycheckingservices.TheSystemSSLmoduleusesthez/OSVersion2Release2ICSFPKCS#11(hereafterreferredtoas“ICSFPKCS#11”)withFIPS140-2Validation#3019forcertifiedcryptographicalgorithmsnotavailablewithintheSystemSSLmodule(i.e.randomnumbergeneration)andhardwareRSAsignatureverificationandkeywrapping.TheIRRPVERSandICSFPKCS#11arealsoknownas“bound”modules.
z/OSVersion2Release2SystemSSLSecurityPolicy
Page4of27
Table2:SystemSSLModuleComponents
Type/Name VersionSoftwareComponentsSystemSSLDLLs(GSKC31Fand
GSKC64F)
z/OSVersion2Release2withSystemSSLlevelHCPT420/JCPT421withAPAROA52653
HardwareComponentsCPACF
Firmware-CPAssistforCryptographicFunctionsDES/TDESEnablementFeature3863(akaFC3863)withSystemDriverLevel27IHardware–COPchipsintegratedwithinprocessorunit
Documentation SC14-7495z/OSSystemSSLProgrammingftp://public.dhe.ibm.com/eserver/zseries/zos/ssl/pdf/oa50589_22.pdf
SystemSSLmodulevalidationwasperformedusingthez/OSVersion2Release2operatingsystemwiththefollowingplatformconfigurations:
1. IBMz13withCPAssistforCryptographicFunctionsDES/TDESEnablementFeature3863(BaseGPC)
2. IBMz13withCPAssistforCryptographicFunctionsDES/TDESEnablementFeature3863andoptionalCryptoExpress5card(Accelerator(CEX5A))-CEX5AcardmaybeusedbyICSFPKCS#11forRSAhardwareclearkeymodulemathcryptographytosupportRSAdigitalsignatureverificationandkeywrapping.
TheSystemSSLmodulerunningontheaboveplatformsmetallFIPSPub140-2Level1securityrequirements.SeeSection13,CryptographicModuleConfigurationDiagrams,formoreinformationaboutthevalidatedplatforms.Inadditiontotheconfigurationstestedbythelaboratory,vendor-affirmedtestingwasperformedusingz/OSVersion2Release2onthefollowingplatforms:
1. IBMSystemzEnterprise™EC12(zEC12)withCPAssistforCryptographicFunctionsDES/TDESEnablementFeature3863(BaseGPC)
2. IBMSystemzEnterprise™BC12(zBC12)withCPAssistforCryptographicFunctionsDES/TDESEnablementFeature3863(BaseGPC).
Note(IGG.5):theCMVPmakesnostatementastothecorrectoperationofthemoduleorthesecuritystrengthsofthe
generatedkeyswhenportedandexecutedinanoperationalenvironmentnotlistedonthevalidationcertificate.
Securitylevel:Thisdocumentdescribesthesecuritypolicyforthez/OSSystemSSLmodulewithLevel1overallsecurityasdefinedinFIPSPub140-2[2].Figure1belowshowsthephysicalboundaryoftheSystemzmachineaswellasthelogicalboundaryofthemodule.AmoredetailedviewconsistingofthemoduleandboundmodulesisshownFigure2intheCryptographicModuleConfigurationDiagramssection.
z/OSVersion2Release2SystemSSLSecurityPolicy
Page5of27
Figure1:SystemSSLCryptographicModulePhysicalandLogicalBoundaries
3. CryptographicModuleSecurityLevelTheSystemSSLmoduleisintendedtomeetrequirementsofSecurityLevel1overall,withcertaincategoriesofsecurityrequirementsnotapplicable(Table3).
Table3:ModuleSecurityLevelSpecification
SecurityRequirementsSection LevelCryptographicModuleSpecification 1ModulePortsandInterfaces 1Roles,ServicesandAuthentication 1FiniteStateModel 1PhysicalSecurity 1OperationalEnvironment 1CryptographicKeyManagement 1EMI/EMC 1
z/OSVersion2Release2SystemSSLSecurityPolicy
Page6of27
Self-Tests 1DesignAssurance 1Mitigationofotherattacks N/AOverall 1
4. PortsandInterfaces
Asamulti-chipstandalonemodule,theSystemSSLmodulephysicalinterfacesaretheboundariesofthehostrunningSystemSSLmodulecode.Theunderlyinglogicalinterfacesofthemoduleareinternalapplicationprogramminginterfaces(APIs)totheSystemSSLelementandlogicalinterfacestotheICSFPKCS#11module.
Table4:Datainput,dataoutput,controlinputandstatusoutput
InterfacesintoandoutoftheModuleFIPS140-2Interface LogicalInterface Description
DataInput API Inputvariablesarepassedontheinternalapplicationprogramminginterface(API)
DataOutput API OutputresultsarepassedbackthroughtheAPIControlInput APIfunctioncallsand
environmentvariableSettingofGSK_HW_CRYPTOenvironmentvariable
StatusOutput APIreturncodes StatusoutputisprovidedinreturncodesPower Notapplicable Notapplicable
InterfacebetweenmoduleandICSFPKCS#11FIPS140-2Interface LogicalInterface–ICSF
PKCS#11APIs(CSFPPD2,CSFPPE2,CSFPPV2)
Description
DataInput API InputvariablespassedontheICSFPKCS#11APIinvocationDataOutput API OutputresultspassedbackbytheICSFPKCS#11APIControlInput API ICSFPKCS#11vendordefinedPKCS#11attribute
CKA_IBM_FIPS140passedonAPIinvocationStatusOutput APIreturnandreason
codesStatusoutputreturnedfromICSFPKCS#11APIasreturn
andreasoncodesCryptographicbypasscapabilityisnotsupportedbytheSystemSSLmodule. ModuleStatus:TheSystemSSLmodulecommunicatesanyerrorstatussynchronouslythroughtheuseofreturncodestotheSystemSSLelementwhichthensurfacesthemtothecallingapplication.AcompletelistofreturncodesreturnedbytheSystemSSLelementareprovidedintheSystemSSLelementdocumentation.ItistheresponsibilityoftheapplicationtohandleexceptionalconditionsinaFIPS140-2appropriatemanner.TheSystemSSLmoduleisoptimizedforlibraryuseanddoesnotcontainanyterminatingassertionsorexceptions.AnyinternalerrordetectedbytheSystemSSLmoduleandnotinducedbyuserdatawillbereflectedbacktotheapplication withanappropriatereturncode.ThecallingapplicationmustexaminethereturncodeandactinaFIPS140-2appropriatemannertosuchfailuresandreflectthiserrorinafashionconsistentwiththisapplication.User-inducedorinternalerrorsdonotrevealanysensitivematerialtocallers.ReturncodesanderrorconditionssurfacedbytheSystemSSLelementarefullydocumentedintheSystemSSLelement’sprogrammingdocumentation.
z/OSVersion2Release2SystemSSLSecurityPolicy
Page7of27
5. Roles,ServicesandAuthentication
5.1 RolesThemodulesupportstworoles:acryptographicofficer(Officer)roleandaUserrole(Table5).Themoduledoesnotsupportuseridentificationorauthenticationthatwouldallowthemoduletodistinguishbetweenthetwosupportedroles.Eachoftherolesisauthenticatedthroughtheoperatingsystempriortousinganysystemservices.TheOfficerroleisapurelyadministrativerolethatdoesnotinvolvetheuseofcryptographicservices.Theroleisnotexplicitlyauthenticatedbutassumedimplicitlyonimplementationofthemodule’sinstallationandconfiguration.TheUserrolehasaccesstoallofthemodule’sservices.Theroleisnotexplicitlyauthenticated,butassumedimplicitlyonaccessofanyofthenon-Officerservices.AnoperatorisimplicitlyintheUserorOfficerrolebasedupontheservice(s)chosen.IfanyoftheUser-specificservicesarecalled,thentheoperatorisintheUserrole;otherwisetheoperatorisintheOfficerrole.
Table5:RolesandAuthenticationMechanisms
Role Purpose/PermittedActions TypeofAuthentication AuthenticationData StrengthofMechanism
User Requestthecryptographicalgorithmslistintables6and7
None(Automatic) None N/A
Officer Moduleinstallationandconfiguration.Thisroledoesnotinvolvetheuseofcryptographic
services.
Implicit N/A N/A
5.2 ServicesThemoduleprovidescommands(services-Tables6,7and8)andqueries(Table9).Queriesreturnstatusofcommandsorcommandgroups;commandsexercisecryptographicfunctionsorservices.Officersperformqueries;Usersmayperformbothqueriesandcommands.ServicesareaccessedthroughSystemSSLelementAPIinterfacesfromthecallinghostapplication.TheSystemSSLmoduleprovidesbothnon-cryptographicandcryptographicservices.Thenon-cryptographicservicescanbeutilizedbythecallingapplication(i.e.x.509certificateencoding/decoding)withoutcausinganyimpacttothemodule’scryptographicsupport.Cryptographicprimitives(i.e.KeyDerivationFunction(KDF),AESencrypt/decrypt)providetherequiredcryptographicprimitivesfortheSystemSSLelementtosupporttheTLSprotocol.ThecryptographicalgorithmsassociatedwiththeTLSciphersarerestrictedtoFIPSapprovedalgorithmsonly.AdditionalservicesandprocessingareprovidedbyboundmodulesIRRPVERSandICSFPKCS#11.TheSystemSSLmoduleutilizesthemoduleintegritycheckingservicesprovidedbyIRRPVERSandthecryptographicservicesprovidedbyICSFPKCS#11.
Table6:ApprovedServices
Service Roles CSP Modes/Notes Cert# Access
(Read, StandardUser Crypto
z/OSVersion2Release2SystemSSLSecurityPolicy
Page8of27
Officer write,execute)
ModuleinstallationAndConfiguration
X N/A N/A N/A N/A N/A
SoftwareSymmetricAlgorithms
AESEncryptionandDecryption
X AESSymmetrickey(128,256bit)
CBC Certs.#4757#4758
ReadWriteExecute
FIPS197SP800-38A
TripleDESEncryptionAndDecryption
X TripleDESSymmetrickey(192bit)
CBC Certs.#2527#2528
ReadWriteExecute
SP800-67
PublicKeyAlgorithmsDSAParameter/KeyGeneration
X DSAParameterAndAsymmetrickeysL=2048,N=256
N/A Certs.#1277#1278
ReadWriteExecute
FIPS186-4
DSASignatureGeneration
X DSAAsymmetricPrivateKeyL=2048,N=256withSHA2(1/224/256)
SHA-1affirmedforusewithprotocolsonly.
ReadWriteExecute
FIPS186-4
DSASignatureVerification
X DSAAsymmetricPublicKeyL=1024,N=160withSHA(1/224/256)L=2048,N=256withSHA(1/224/256)
N/A ReadExecute
FIPS186-4
RSAKeygeneration
X RSAAsymmetricKey2048and3072
N/A Certs.#2600#2601
ReadWriteExecute
FIPS186-4
RSASignatureGeneration(includingvariouscombinationofSystemSSLRSAwitheither
X RSAAsymmetricPrivateKey2048and3072withSHA1(1/224/256/384/512)
SHA-1affirmedforusewithprotocolsonly.
ReadWriteExecute
FIPS186-4
1 Use of SHA1 for digital signature generation is deprecated and should not be used.
z/OSVersion2Release2SystemSSLSecurityPolicy
Page9of27
SystemSSLorCPACFSHA)RSASignatureVerification(includingvariouscombinationofSystemSSLorICSFPKCS#11RSAwitheitherSystemSSLorCPACFSHA)
X RSAAsymmetricPublicKey2048and3072withSHA(1/224/256/384/512)
N/A ReadExecute
FIPS186-4
HashFunctionsSHSMessageDigest
X N/A SHA-1SHA-224SHA-256SHA-384SHA-512
Certs.#3899#3900
N/A FIPS180-4
MessageAuthenticationCodes(MACs)HMACMessageAuthentication(includingCPACFimplementationsforSHA)
X Keysizes112bitsinlengthandgreater2
HMACSHA-1,HMACSHA-256HMACSHA-384
Certs.#3168#3169
ReadWriteExecute
FIPS198-1
ComponentTLSKeyDerivation(includingCPACFimplementationsforSHA)
X TLSV1.0,V1.1,V1.2premastersecret,readMACkey,readkey,readIV,writeMACkey,writekeyandwriteIV
N/A CVLCerts.#1396#1397
ReadWriteExecute
SP800-135
CPAssistforCryptographicFunctionsSymmetricAlgorithms
AESEncryptionandDecryption
X AESSymmetrickey(128,256bit)
CBC Cert.#45793
ReadWriteExecute
FIPS197SP800-38A
TripleDES X TripleDESSymmetric CBC Cert. Read SP800-67
2 Per FIPS 198-1 and SP 800-107, keys less than 112 bits in length are not approved for HMAC generation.3 There are algorithms that have been CAVS tested with key sizes and block chaining modes for which the module does not provide interfaces. Only the algorithms’ key sizes and block chaining modes present in this table are made available by the module.
z/OSVersion2Release2SystemSSLSecurityPolicy
Page10of27
EncryptionAndDecryption
key(192bit) #2432
WriteExecute
HashFunctionSHSMessageDigest
X N/A SHA-1SHA-224SHA-256SHA-384SHA-512
Cert.#3661
ReadWriteExecute
FIPS180-4
ICSFboundmoduleAES X AESsymmetrickeys
(128/256-bitkeys)GCM Cert.
#4586ReadWriteExecute
SP800-38D
RSASignatureverification
X RSAAsymmetricpublickeys(1024/2048/3072-bitkeys)
PKCS1.5 Cert.#2501
ReadWriteExecute
FIPS186-4
Diffie-Hellman X Diffie-HellmanAsymmetricprivatekeys(L=2048,N=224;L=2048,N=256)
N/A CVLCert.#1259
ReadWriteExecute
FIPS186-4
ECDiffie-Hellman
X ECDiffie-HellmanAsymmetricprivatekeys(keysaccordingtoP-224,P-256,P-384andP-521)
N/A CVLCert.#1259
ReadWriteExecute
FIPS186-4
ECDSAKeygeneration,Signaturegeneration,Signatureverification
X ECDSAAsymmetricprivatekeys(keysaccordingtoP-224,P-256,P-384andP-521)
N/A Cert.#1123
ReadWriteExecute
FIPS186-4
DRBG X Entropyinput,Seed,V,C(Hash-SHA-512)
N/A Cert.#1526#1530
ReadWriteExecute
SP800-90A
4767-001(CEX5A)fromICSFboundmoduleDiffie-Hellman X Diffie-Hellman
Asymmetricprivatekeys(L=2048,N=224;L=2048,N=256)
N/A CVLCert.#1322
ReadWriteExecute
SP800-56A,Revision2
RSASignatureverification
X RSAAsymmetricpublickeys(1024/2048/3072-bitkeys)
PKCS1.5 Cert.#2548
ReadWriteExecute
FIPS186-4
IRRPVERSboundmoduleRSASignatureVerification
X RSAAsymmetricpublickeys(2048-bitkeys)
PKCS1.5 Cert.#2283
ReadWriteExecute
FIPS186-4
z/OSVersion2Release2SystemSSLSecurityPolicy
Page11of27
Table7:AllowedServices
ServiceRoles
CSP
Access(Read,write,
execute)
Standard/Mode Caveat
User CryptoOfficer
PublicKeyAlgorithmsRSAKeyWrapping
X RSAAsymmetricPrivateKeyModulussizefromatleast2048anduptoandincluding4096bits
ReadWriteExecute
N/A keywrapping;keyestablishmentmethodologyprovidesbetween112and150bitsofencryptionstrength
RSADigitalSignatureGeneration
X RSAAsymmetricPrivateKeyModulussize2048anduptoandincluding4096bits(except2048and3072bits)
ReadWriteExecute
FIPS186-4 N/A
RSADigitalSignatureVerification
X RSAAsymmetricPublicKeyModulussize1024uptoandincluding4096bits(except2048and3072bits)
Read,Execute
FIPS186-2FIPS186-4
N/A
RSAKeyGeneration
X RSAAsymmetricPrivateandPublicKeyKeylengthsmultipleof16bitsbetween2048and4096bitsinclusive(except2048and3072bits)
Read,Write,Execute
FIPS186-4 N/A
MessageAuthenticationCodes(MACs)HMACMessageAuthentication
X HMACkeyKeysizes112bitsinlengthandgreater
ReadWriteExecute
IETFRFC2104
HMACwithMD5(PartofTLSSpecificservice)
HashFunctionsMD5 X N/A Read N/A MD5(PartofTLSSpecific
z/OSVersion2Release2SystemSSLSecurityPolicy
Page12of27
WriteExecute
service)
ICSFboundmoduleRSA X RSAAsymmetric
keysReadWriteExecute
FIPS186-4Keywrapping
keywrapping;keyestablishmentmethodologyprovidesbetween112and150bitsofencryptionstrength;non-compliantlessthan112bitsofencryptionstrengthThemodulussizeatleast2048bitsanduptoandincluding4096bits
Signatureverification
Anymodulussizesmallerthanorequalto4096bitsexcept1024,2048and3072bits
NDRNG X N/A ReadWriteExecute
N/A SeedingfortheDRBGs
4767-001(CEX5A)fromICSFboundmoduleRSA X RSAAsymmetric
keysReadWriteExecute
FIPS186-4Signatureverification
With4096-bitkeys
Table8:Non-approvedServices
Service NotesSoftware
PublicKeyAlgorithmsRSAKeyGeneration,KeyWrapping,DigitalSignatureGeneration
Keybitsizeslessthan2048notapproved(non-compliantlessthan112bitsofencryptionstrength)
DSAParameterGeneration,KeyGeneration,DigitalSignatureGeneration
KeyParametersL=1024,N=160notapproved
MessageAuthenticationCodes(MACs)HMAC Keysizeslessthan112bits
HMAC-MD5usageoutsideoftheTLSprotocol
MessageDigestMD5 MD5usageoutsideoftheTLSprotocol
ICSFboundmoduleRSAKeyWrapping Keybitsizeslessthan2048noapproved
(non-compliantlessthan112bitsofencryptionstrength)
ECDiffie-Hellman Keygeneration/Keyagreement:CurveP-192
z/OSVersion2Release2SystemSSLSecurityPolicy
Page13of27
notapprovedECDSA Keygeneration/Digitalsignaturegeneration:
CurveP-192notapprovedNote:Whenanyoftheservicesintable8areutilized,themodulewillbeinnon-FIPSmode.
Table 9: Queries
Service Notes RolesModuleStatus Officer User
Error WhentheSystemSSLmodulehasenteredtheerrorstate,oneofthefollowingreturncodesispresentedwhenanattemptismadetousethemodule:CMSERR_KATPW_FAILED,CMSERR_KATPW_ICSF_FAILEDorCMSERR_FIPS_KEY_PAIR_CONSISTENCY
No Yes
IntegrityChecks
Power-upTests Automaticbeforefirstuse
Yes No
Self-Tests Applicationcancallthe“performKAT”functionanytimeaftertheSystemSSLmodulehasbeenloaded
Yes Yes
OperationalCorrectnessChecksPair-wiseconsistency
Continuouslyperformed(automatic) Yes Yes
6. OperationalEnvironment InstallationandInvocationSystemSSLelementlevelsHCPT420andJCPT421areinstalledaspartofthez/OSVersion2Release2ServerPacusingthe“InstallingYourOrder”documentationprovidedwiththeServerPac(prepackagedtailoredz/OSinstallationincludingz/OSSystemSSL).TheevaluatedconfigurationrequirestheinstallationofserviceprovidedthroughSystemSSLAPAROA52653andisboundtotheIRRPVERSandICSFPKCS#11modules.TheSystemSSLmodulerequiresthatacopyofbothIRRPVERSandICSFPKCS#11beinstalledandoperationalonthesystemfortheSystemSSLmoduletooperateinavalidatedmode.TheCPACFEnablementFeature3863mustbeinstalledpriortoloadingtheSystemSSLDLL.ThisfeaturecodemaybeorderedfromIBMthendownloadedthroughRETAINandinstalledusingtheHardwareManagementConsole(HMC).TheSystemSSLcryptographicmodulecanonlybeusedinconjunctionwiththeSystemSSLelementofz/OS.TheSystemSSLelementprovidesexternalAPIsandaccessestheSystemSSLmodulethroughinternalClanguageAPIs.ModuleOperationTheSystemSSLmoduleisintendedtooperatewithinz/OSVersion2Release2inasingle-usermodeofoperation.UsingtheSystemSSLmoduleinaFIPS140-2approvedmannerassumesthatthefollowingdefinedcriteriaarefollowed:
z/OSVersion2Release2SystemSSLSecurityPolicy
Page14of27
• TheOperatingSystemenforcesauthenticationmethod(s)topreventunauthorizedaccesstoModuleservices.• Allhostsystemcomponentsthatcancontainsensitivecryptographicdata(mainmemory,systembus,disk
storage)mustbelocatedwithinasecureenvironment.• TheapplicationusingthemoduleservicesthroughtheSystemSSLelementmustconsistofoneormore
processesinwhicheachprocessisutilizingaseparatecopyoftheexecutablecode.• Theapplicationdesignermustbesurethattheapplicationisdesignedcorrectlyanddoesnotcorruptthestorage
intheaddressspacewheretheinstanceofSystemSSLmoduleisloaded.• AninstanceoftheSystemSSLmodule mustbeaccessedonlybyasingleprocess(addressspace).Thismeansthat
eachprocesshasitsowninstanceoftheSystemSSLelementhenceoneinstanceoftheSystemSSLmodule. • TheSystemSSLmodulesetupproceduresdocumentedintheprogrammingdocumentationmustbefollowed
andsetupdonecorrectly.• TheCPAssistforCryptographicFunctionsDES/TDESEnablementFeature3863mustbeinstalledandenabled.• IRRPVERSmoduleisinstalledandconfiguredaccordingtoitsSecurityPolicy[7].• ICSFPKCS#11moduleisinstalledandconfiguredaccordingtoitsSecurityPolicy[6].• ApplicationsrequiringFIPSadherencemustfollowtherecommendationsfoundinNISTSpecialPublication800-
131ARevision1[8](“SP800-131ARevision1”).
Thismoduleimplementsbothapprovedandnon-approvedservices.Thecallingapplicationcontrolstheinvocationoftheservicesandthecryptographicmaterialbeingsuppliedorusedbytheservices.Whenthemoduleisloaded,themodulewillallow non-approvedalgorithmsandkeysizesto beused.Themodulealsooffersnon-approvedbutallowedRSAkeyestablishmentandexchangeservicesevenwhenoperatingFIPSrestricted.Note:ThemoduledoesnotenforcethemorerecentrestrictionsintroducedbySP800-131ARevision1.Insomecases,it’snotpossibleforthemoduletodotheenforcementsincethecontextoftherequestisnotknown.Therefore,allapplicationsrequiringFIPSadherencemustexplicitlyfollowtherecommendationsfoundinSP800-131ARevision1andself-enforce.TheSystemSSLmoduleandCPACFrepresentthelogicalboundary.Thephysicalcryptographicboundaryforthemoduleisdefinedastheenclosureofthehostonwhichthecryptographicmoduleistobeexecuted.TheRACFSignatureVerificationmodule(IRRPVERS)isshippedaspartoftheSecurityServerRACFcomponent.IRRPVERSisboundbythismoduleinordertovalidatethesignatureonGSKC31F(orGSKC64F).Itisnotconsideredpartofthecryptographicboundaryofthismodule.TheICSFPKCS#11moduleisshippedaspartoftheIntegratedCryptographicServicesFacility(ICSF)component.ICSFPKCS#11isboundbythismoduleforbasiccryptographicservices.Itisnotconsideredpartofthecryptographicboundaryofthismodule.AsshowninFigure2,SystemSSLCryptographicModule,thecryptographicmodule’sDLLisinstantiatedwithinanapplication’saddressspacebySystemSSLelement.EachapplicationoroperatingsystemcomponentthatutilizestheSystemSSLelementsupportwillcreateanewinstanceofthez/OSSystemSSLcryptographicmodule.UsageoftheFIPScertifiedICSFPKCS#11moduleprovidessupportforcertifiedcryptographicalgorithmsnotavailablewithintheSystemSSLmodule(i.e.randomnumbergeneration)andhardwareRSAsignatureverificationandkeywrapping.TheFIPScertifiedRACFSignatureVerification(IRRPVERS)moduleperformstheinitialintegritypower-uptests.
z/OSVersion2Release2SystemSSLSecurityPolicy
Page15of27
Figure 2: System SSL Cryptographic Module
AsshowninFigure3,SystemSSLCryptographicModuleinaz/OSSysplexEnvironment,aSystemSSLcryptographicmodulemaybedeployedinahighavailabilityenvironmentwheretheapplicationmayineffectbeinstantiatedonmultiplez/OSsysteminstancesconfiguredina“clustered”environmentknownasaparallelsysplex.Aparallelsysplexmakesthesesystemsbehavelikeasingle,logicalcomputingfacility.Theunderlyingstructureoftheparallelsysplexremainsvirtuallytransparenttousers,networks,applications,andevenoperations.
z/OSVersion2Release2SystemSSLSecurityPolicy
Page16of27
Figure 3: System SSL Cryptographic Module – Sysplex
7. KeyManagementKeyStorage:TheSystemSSLmoduleprovideskeygeneration,importandexportservicestoapplicationstobeusedinconjunctionwithcryptographicservices.ItistheresponsibilityofapplicationsusingtheservicestoensurethattheseservicesareusedinaFIPS140-2compliantmanner.Inparticular,seetable6andthefootnotesoftable6forinformationondeprecatedkeysizes/usages.Keysmanagedorgeneratedbyapplicationsorlibrariesmaybepassedfromapplicationstothemoduleintheclear,providedthatthesendingapplicationorlibraryexistswithinthephysicalboundaryofthehostcomputer.Keymaterialresidesinapplicationmemoryascleardataorinastandardkeystoreformat.Themostfrequentlyusedstandardformats,usingpassphrase-derivedkeyssuchasPKCS#12,areclassifiedasclear-keystorageaccordingtoFIPSPub140-2guidelines. KeyGenerationKeyGenerationusesanapprovedDRBGalgorithmprovidedasanapprovedservicethroughtheboundICSFPKCS#11module.
z/OSVersion2Release2SystemSSLSecurityPolicy
Page17of27
TheKeyGenerationmethodsimplementedinthemoduleforApprovedservicesinFIPSmodearecompliantwithSP800-133.RSA,DSAandECDSAkeygenerationisdoneaccordingtoFIPSPub186-4[3].Diffie-HellmankeygenerationissimilartoDSAkeygeneration.ECDiffie-HellmankeygenerationissimilarECDSAkeygeneration.ForgeneratingRSA,DSAandECDSAkeysthemoduleimplementsasymmetrickeygenerationservicescompliantwithFIPSPub186-4andSP800-90A.Aseed(i.e.therandomvalue)usedinasymmetrickeygenerationisdirectlyobtainedfromtheSP800-90ADRBG.ThemoduledoesnotgeneratesymmetrickeysKeyEstablishmentThemoduleprovidessupportforasymmetrickeyestablishmentmethodsasallowedbyAnnexDintheFIPSPub140-2.ThesupportedasymmetrickeyestablishmentmethodsareRSAWrapping/Unwrapping,Diffie-HellmankeyagreementandECDHkeyagreement.Diffie-HellmanandECDHkeyagreementusesapprovedservicesthroughboundICSFPKCS#11module.WhenusingDiffie-HellmaninFIPS140-2mode,theallowedmoduluslengthis2048bits,whichprovides112bitsofencryptionstrength.WhenusingRSAWrapping/UnwrappinginFIPS140-2mode,theallowedmoduluslengthsmustbebetween2048and4096bitswhichprovidesbetween112and150bitsofencryptionstrength.Useofmoduluslengthslessthan2048bitsisnotallowedperSP800-131ARevision1.ApplicationsrequiringFIPSadherencemustnotusemoduluslengthslessthan2048bits.KeyEntryandKeyExitThemoduledoesnotsupportmanualkeyentryorintermediatekeygenerationkeyoutput.Themoduledoesnotoutputorinputkeysoutsideofthephysicalboundary.KeyProtectionToenforcecompliancewithFIPSPub140-2keymanagementrequirementsontheSystemSSLmoduleitself,codeissuingcallsmustmanagekeysinaFIPSPub140-2compliantmethod.KeysmanagedorgeneratedbyapplicationsmaybepassedfromtheapplicationtothemoduleintheclearintheFIPSPub140-2validatedconfiguration.Themanagementandallocationofmemoryistheresponsibilityoftheoperatingsystem.Itisassumedthatauniqueprocessisallocatedforeachrequest,andthattheoperatingsystemandtheunderlyinghardwarecontrolaccesstotheaddressspacewhichcontainstheprocessthatusesthemodule.Eachinstanceofthecryptographicmoduleisself-containedwithinaprocess;themodulereliesonsuchprocessseparationandaddressseparationtomaintainconfidentialityofsecrets.AllplatformsusedduringFIPSPub140-2validationprovidedper-processprotectionforuserdata.KeysstoredinternallywithintheaddressrangeofSystemSSLmodulearesimilarlyseparatedlogically(eveniftheyresideinthesameaddressspace).AllkeysareassociatedwiththeUserrole.ItistheresponsibilityofapplicationprogramdeveloperstoprotectkeysexportedfromtheSystemSSLmodule. KeyDestructionApplicationsmustdestroypersistentkeyobjectsandsimilarsensitiveinformationusingFIPSPub140-2compliantprocedures.TheSystemSSLmoduleitselfdoesnotdestroyexternallystoredkeysandsecrets,asitdoesnotownordiscardpersistentobjects.Objects,whenreleasedonbehalfofacaller,areerasedbeforetheyarereleased.
z/OSVersion2Release2SystemSSLSecurityPolicy
Page18of27
8. PhysicalSecurityTheSystemSSLmoduleinstallationinheritsthephysicalcharacteristicsofthehostrunningit.TheSystemSSLmodulehasnophysicalsecuritycharacteristicsofitsown.Figure4illustratesanIBMSystemz13mainframecomputer.TheCPAssistforCryptographicFunction(CPACF)(seeFigure6)isalsoahardwaredevice–partoftheCoProcessorUnit(CoP)andoffersthefullcomplementoftheTripleDESalgorithm,AdvancedEncryptionStandard(AES)algorithmandSecureHashAlgorithm(SHA).SecurityLevel1issatisfiedbythedevice(CoP)beingincludedwithinthephysicalboundaryofthemoduleandthedevicebeingmadeofcommercial-gradecomponents.CPACFPhysicalDesign:Eachmicroprocessor(core)onthe8-corechiphasitsowndedicatedCoP,whichimplementsthecryptoinstructionsandalsoprovidesthehardwarecompressionfunction.ThecompressionunitisintegratedwiththeCPAssistforCryptographicFunction(CPACF),benefitingfromcombining(sharing)theuseofbuffersandinterfaces.
Figure 4: IBM z13 Mainframe Computer
z/OSVersion2Release2SystemSSLSecurityPolicy
Page19of27
Figure 5: Crypto Express5 Card
Figure 6: Processor Unit chip
z/OSVersion2Release2SystemSSLSecurityPolicy
Page20of27
9. EMI/EMCSystemsutilizingthemodule’sserviceshavetheiroverallEMI/EMCratingsdeterminedbythehostsystem,whichincludestheCPACF.Thevalidationenvironmentsmeettherequirementsof47CFRFCCPART15,SubpartB,ClassA(Businessuse).
10. Self-Tests
10.1 SystemSSLModuleTheSystemSSLmoduleimplementsanumberofself-teststocheckproperfunctioningofthemoduleincludingpower-upself-testsandconditionalself-tests.Conditionaltestsareperformedwhenasymmetrickeysaregenerated.Thesetestsincludepair-wiseconsistencytestsofthegeneratedDSAorRSAkeys.StartupSelf-Tests“Power-up"self-testsconsistofsoftwareintegritytest(s)andknown-answertestsofalgorithmimplementations.Themoduleintegritytestisautomaticallyperformedduringloading.TheintegrityofthemoduleisperformedbyboundcryptographicmoduleIRRPVERSbasedontheverificationofthemodule’sRSA/SHA-256based-digitalsignaturepriortothemodulebeingutilized.Modulesignaturesaregeneratedduringthefinalphaseofthebuildprocess.Initializationwillonlysucceediftheutilizedmodulesignatureisverifiedsuccessfully.TheintegrityverificationstartswithboundmoduleIRRPVERSverifyingitsowndigitalsignature.Onceverified,IRRPVERSverifiesthedigitalsignatureofeitherGSKC31ForGSKC64F.Algorithmknownanswertests(KAT)areinvokedautomaticallyuponloadingtheSystemSSLmodule.TheinitializationfunctionisexecutedviaDEP(defaultentrypoint)asspecifiedinFIPS140-2ImplementationGuidance9.10.Ifanyoftheknownanswertestsfail,themoduleisrenderunusable(allcryptographicservicesreturnanerrorreturncode).Anyattemptstousethemodulewillfail.Priortotheexecutionofthepower-upself-tests,theSystemSSLmodulecheckswhetherenvironmentvariableGSK_HW_CRYPTOhasbeenset.Ifnotset,AES,TDES,SHA-1andSHA-2KATtestsareperformedusingtheCPACF.IfGSK_HW_CRYPTOisset,AES,TDES,SHA-1andSHA-2CPACFcryptographicalgorithmscanbedisabledforusebytheSystemSSLthroughbitsettingswithinthespecifiedvalue.Ifthecryptographicalgorithmhasbeendisabled,theKATisrunagainstthesoftwareversionwithintheSystemSSLmodule.OnlyoneversionofthealgorithmissupportedfortheentireinstanceoftheSystemSSLmodule.Themoduleteststhefollowingcryptographicalgorithms:CPACF:AESencryption/decryption,TripleDESencryption/decryption,SHA-1,SHA-224,SHA-256,SHA-384andSHA-512.SystemSSLmodulesoftware:AESencryption/decryption,TripleDESencryption/decryption,SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,RSA(2048-bitkeysign/verify,wrapping/unwrapping),DSA(2048-bitprimesign/verify),HMAC-SHA-1,HMAC-SHA256andHMAC-SHA384.Duringtheself-testprocessing,alldataoutputisinhibiteduntiltheself-testsarecompleted.StartupRecoveryIfanyofthestartupself-testsfail,theSystemSSLmodulewillterminateFIPS140-2processingandenterintoerrorstate.TheSystemSSLelement’scallingapplicationmustrecognizethiserrorandhandleitinaFIPS140-2appropriatemanner,forexample,byreinitializingthemoduleinstance.
z/OSVersion2Release2SystemSSLSecurityPolicy
Page21of27
Pair-wiseConsistencyChecksThistestisrunwheneverthemodulegeneratesaRSAorDSApublic/privatekey-pair.Ifthepair-wiseconsistencycheckfails,themoduleentersanerrorstateandreturnsanerrorstatuscode.TheSystemSSLelement’scallingapplicationmustrecognizethiserrorandhandleitinaFIPS140-2appropriatemanner,forexample,byreinitializingthemoduleinstance.InvokingFIPS140-2self-testsondemand.IfausercanaccessSystemSSLservices,themodulehaspasseditsintegrityandpower-upself-tests.Duringregularoperations,ahostapplicationcanasktheSystemSSLelementtorepeattheknownanswertestsondemandforalgorithmswithintheSystemSSLmodule.TheSystemSSLelementinvokesinternalAPI“performKAT”function.Ifthesetestspass,themoduleisworkingproperly.IfaKATfailureisencountered,themoduleentersanerrorstateandreturnsanerrorstatuscode.ThecallingapplicationmustrecognizethiserrorandhandleitinaFIPS140-2appropriatemanner,forexample,byreinitializingthemoduleinstance.
11. OperationalRequirements(Officer/UserGuidance)
11.1 ModuleConfigurationforFIPS140-2ComplianceToensureFIPS140-2compliantusage,thefollowingrequirementsmustbeobserved:
• IRRPVERSmustbeconfiguredtoexecuteinFIPS140-2modeaccordingtoitsSecurityPolicy[7]andbeoperationalpriortoSystemSSLmodulebeingutilized.
• ICSFPKCS#11mustbeconfiguredtoexecuteinFIPS140-2modeaccordingtoitsSecurityPolicy[6]andbe
operationalpriortoSystemSSLmodulebeingutilized.
• CryptoofficersofSystemSSLmustverifythatthecorrectSecurityManagerProfileshavebeendefinedtoensurethatstartupintegritytestsareperformed.EachSystemSSLmoduleDLLcontainsanRSA/SHA-256signature.Thestartupintegritytestsensurethatthesignaturematchestheexpectedvalue.Seez/OSSystemSSLelementdocumentation[1]forSecurityManagerProfilesettings.
• ApplicationsusingSystemSSLelementfeaturesmustobserveFIPSPub140-2rulesforkeymanagementand
providetheirownself-tests.Forproperoperations,thecryptoofficerorusersmustverifythatapplicationscomplywiththisrequirement.Whiledetailsoftheseapplicationrequirementsareoutsideofthescopeofthispolicy,theyarementionedhereforcompleteness.
• TheOperatingSystem(OS)hostingthelibrarymustbesetupinaccordancewithFIPSPub140-2rules.Itmustprovidesufficientseparationbetweenprocessestopreventinadvertentaccesstodataofdifferentprocesses.(Thisrequirementwasmetforallplatformstestedduringvalidation.)
• Aninstanceofthemodulemustnotbeusedbymultiplecallerssimultaneouslysuchthattheymightinterferewitheachother.Notethatforkeysretainedincaller-providedstorage,thisrequirementisautomaticallymetiftheOSprovidessufficientprocessseparation(sincetheownershipofeachmemoryregion,therefore,eachobject,isuniquelydetermined.)
z/OSVersion2Release2SystemSSLSecurityPolicy
Page22of27
• ApplicationsusingSystemSSLmoduleservicesmustverifythatownershipofkeysisnotcompromised,andkeysarenotsharedbetweendifferentusersofthecallingapplication.NotethatthisrequirementisnotenforcedbytheSystemSSLmoduleitself,butbytheapplicationprovidingthekeystoSystemSSL.
• ApplicationsutilizingSystemSSLservicesmustavoidusingnon-approvedalgorithmsormodesofoperation.Ifnotfeasible,theapplicationmustindicatethattheyuseutilizenon-approvedcryptographicservices.ApplicationsmustalsocomplywiththekeysizeandalgorithmrequirementsspecifiedinthelatestversionofNISTSpecialPublication800-131ARevision1.
• TobeinFIPS140-2mode,theSystemSSLinstallationmustrunonahostwithcommercialgradecomponentsandmustbephysicallyprotectedasprudentinanenterpriseenvironment.
• AccordingtoIGA.13,thesameTriple-DESkeyshallnotbeusedtoencryptmorethan22864-bitblocksofdata.
• Physicalassumptionso Themoduleisintendedforapplicationuseinuserareasthathavephysicalcontrolandmonitoring.Itis
assumedthatthefollowingphysicalconditionswillexist:§ LOCATION
• Theprocessingresourcesofthemodulewillbelocatedwithincontrolledaccessfacilitiesthatwillpreventunauthorizedphysicalaccess.
§ PROTECTION• Themodulehardwareandsoftwarecriticaltosecuritypolicyenforcementwillbe
protectedfromunauthorizedphysicalmodification.• Anysysplexcommunicationsshallbeconfiguredsothatunauthorizedphysicalaccessis
prevented.• Personnelassumptions
o Itisassumedthatthefollowingpersonnelconditionswillexist:§ MANAGE
• Therewillbeoneormorecompetentindividualsassignedtomanagethemoduleandthesecurityoftheinformationitcontains.
§ NOEVILADMINISTRATOR• Thesystemadministrativepersonnelarenotcareless,willfullynegligent,orhostile,and
willfollowandabidebytheinstructionsprovidedbytheCryptoOfficerdocumentation.§ CO-OPERATION
• Authorizeduserspossessthenecessaryauthorizationtoaccessatleastsomeoftheinformationmanagedbythemoduleandareexpectedtoactinacooperativemannerinabenignenvironment.
11.2 DeterminingModeofOperationTheFIPSmodeforthismoduleisenforcedbypolicy.TheapplicationutilizingservicesmustenforcekeymanagementcompliantwithFIPSPub140-2requirements.Thisshouldbeindicatedinanapplication-specificwaythatisdirectlyobservablebycryptoofficersandend-users.
z/OSVersion2Release2SystemSSLSecurityPolicy
Page23of27
Whilesuchapplication-specificdetailsareoutsidethescopeofthevalidation,theyarementionedhereforcompleteness.TheuserapplicationmustcomplywiththekeysizerequirementsspecifiedinthelatestrevisionoftheNISTSpecialPublication800-131A.Iftheservicesdefinedintable6and7areutilized,themoduleisthenFIPSmode.Iftheservicesdefinedintable8areutilized,themodulewillbeconsiderednotinFIPSmode.
11.3 Testing/PhysicalSecurityInspectionRecommendationsInadditiontoautomatictests,whicharedescribedelsewhereinthisdocument,aSystemSSLelementapplicationmayinvokeFIPS140-2modeself-testsatanytime.Theseself-testsareinitiatedthroughadedicatedfunction“performKAT”function,whichisinvokedautomaticallyatstartup.Continuoustestsresidewithintheirrespectivefunctionsandarecalledimplicitlyduringthefunctionprocessing.Thesetestsarenotobservableunlessafailureisdetected.Apartfromprudentsecuritypracticeofserverapplicationsandthoseofsecurity-criticalembeddedsystems,nofurtherrestrictionsareplacedonhostsutilizingtheseservices.
12. MitigationofOtherAttacksTheMitigationofOtherattackssecuritysectionofFIPS140-2isnotapplicabletotheSystemSSLcryptographicmodule.
13. CryptographicModuleConfigurationDiagramsThefollowingdiagramsillustratethedifferentvalidatedconfigurations.Thesevalidatedconfigurationscanconsistofasinglez/OSSysteminstanceormultiplez/OSSysteminstances.Figure7illustratesIBMz13withCPAssistforCryptographicFunctionsDES/TDESEnablementFeature3863
Figure 7: Validated Configuration with CPACF and ICSF PKCS #11
z/OSVersion2Release2SystemSSLSecurityPolicy
Page24of27
Figure 8 illustrates IBM z13 with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 and optional Crypto Express5 cards (Accelerator (CEX5A)) configuration.
z/OSVersion2Release2SystemSSLSecurityPolicy
Page25of27
Figure 8: Validated Configuration with CPACF, ICSF PKCS #11 and CEX5A card
14. GlossaryAddressspace Asetofcontiguousvirtualaddressesavailabletoaprogramanditsdata.Theaddressspaceisa
containerforenclavesandprocesses. [4] [5] API ApplicationProgrammingInterface CEX5A CryptoExpress5Accelerator,mainframenameforIBMHardwareSecurityModules(HSMs). CP CentralProcessor,akaCPUCPACF CPAssistforCryptographicFunction,clearkeyon-chipacceleratorintegratedintomainframe
processors.CPACFfunctionalityisrestrictedtosymmetricandhashingoperations.DLL DynamicLinkLibrary,sharedprogramlibraryinstantiatedseparatelyfrombinariesusingit.FIPS140-
2configurationsofSystemSSLDLLsareneverstaticallylinked.
z/OSVersion2Release2SystemSSLSecurityPolicy
Page26of27
DRBG DeterministicRandomBitGeneratorEnclave Inthez/OSLanguageEnvironment,acollectionofroutines,oneofwhichisnamedasthemain
routine.Theenclavecontainsatleastonethread.Multipleenclavesmaybecontainedwithinaprocess.[4][5]
ICSF IntegratedCryptographicServiceFacilityKAT KnownAnswerTestOS OperatingSystemProcess Acollectionofresources;bothprogramcodeanddata,consistingofatleastoneenclave.[4][5]RACF ResourceAccessControlFacilityRETAIN IBMdatabasesystemsharedbyIBManditscustomersServerPac Prepackagedversionofthez/OSOperatingSystemThread Anexecutionconstructthatconsistsofsynchronousinvocationsandterminationsofroutines.The
threadisthebasicruntimepathwithinthez/OSLanguageEnvironmentprogrammanagementmodel,andisdispatchedbytheoperatingsystemwithitsownrun-timestack,instructioncounterandregisters.Threadmayexistconcurrentlywithotherthreadswithinanaddressspace.[4][5]
15. References[1]z/OSCryptographicServicesSecureSocketsLayerProgramming(SC41-7495)withOA50589APARdocumentation[2]NationalInstituteofStandardsandTechnology,SecurityRequirementsforCryptographicModules(FIPS140-2),2002[3]NationalInstituteofStandardsandTechnology,FederalInformationProcessingStandards,DigitalSignatureStandard(FIPS186-4),2013[4]ABCsofz/OSSystemProgrammingVolume1(SG24-6981)[5]ABCsofz/OSSystemProgrammingVolume2(SG24-6982)[6]IBM®z/OS®Version2Release2ICSFPKCS#11CryptographicModule[7]IBM®z/OS®Version2Release2SecurityServerRACF®SignatureVerificationModule[8]NationalInstituteofStandardsandTechnology,SpecialPublication800-131ARevision1,Transitions:RecommendationforTransitioningtheUseofCryptographicAlgorithmsandKeyLengths,November6,2015
16. Trademarks
z/OSVersion2Release2SystemSSLSecurityPolicy
Page27of27
ThefollowingtermsaretrademarksoftheIBMCorporationintheUnitedStatesorothercountriesorboth:• IBM• RACF• zEnterprise• z/OS• zEC12• z13