IBM Support

As a user of AT-TLS groups configured in FIPS 140 mode, what do I have to do to migrate to V2R1 Communications Server?

Question & Answer


Question

As a user of AT-TLS groups configured in FIPS 140 mode, what do I have to do to migrate to V2R1 Communications Server?

Answer

As of z/OS V2R1, FIPS140 support requires ICSF services.

Ensure ICSF is started before starting AT-TLS groups with FIPS140 support enabled.

ICSF services are used for random number generation and, for Diffie-Hellman support, for generating key parameters, key pairs and key exchanges.

Steps to take:

  • Ensure ICSF is active before starting AT-TLS groups configured to support FIPS140-2.

  • If the CSFSERV class is defined, give the userid associated with the TCPIP stack, and any application userid using the TTLSGroup, READ access to the CSFRNG resource within the RACF CSFSERV class.

  • If the CSFSERV class is defined and Diffie-Hellman is being used, give the application userid READ access to the CSF1TRC, CSF1DVK, CSF1GKP, CSF1GSK, CSF1GAV, and CSF1TRD resources within the RACF CSFSERV class.
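
The two permission steps above can be scripted as a REXX exec run under TSO/E. This is an added example, not IBM's code: the userids TCPIPUSR and APPUSR1 are placeholders, and it assumes a CSFSERV profile already exists for each resource name and that the class is RACLISTed.

```rexx
/* REXX - added example: grant the CSFSERV access AT-TLS FIPS140 needs */
/* Placeholder userids (assumptions); replace with your own.           */
stackid = 'TCPIPUSR'    /* userid associated with the TCPIP stack      */
appids  = 'APPUSR1'     /* application userids using the TTLSGroup     */
usesdh  = 1             /* set to 0 if Diffie-Hellman is not used      */

/* Resources named in the steps above */
rngres = 'CSFRNG'
dhres  = 'CSF1TRC CSF1DVK CSF1GKP CSF1GSK CSF1GAV CSF1TRD'

address TSO
failed = 0

/* CSFRNG: stack userid and every application userid */
rngids = stackid appids
do i = 1 to words(rngids)
  failed = failed + permit(rngres, word(rngids, i))
end

/* Diffie-Hellman resources: application userids only */
if usesdh then
  do i = 1 to words(appids)
    do j = 1 to words(dhres)
      failed = failed + permit(word(dhres, j), word(appids, i))
    end
  end

/* Refresh the in-storage profiles (assumes CSFSERV is RACLISTed) */
"SETROPTS RACLIST(CSFSERV) REFRESH"

/* Show the resulting access list so the change can be reviewed */
"RLIST CSFSERV" rngres "AUTHUSER"

say failed 'PERMIT command(s) failed'
exit failed

/* Issue one PERMIT; return 1 on failure (for example, no such profile) */
permit: procedure
  parse arg res, id
  "PERMIT" res "CLASS(CSFSERV) ID("id") ACCESS(READ)"
  if rc <> 0 then do
    say 'PERMIT failed for' res 'ID' id 'rc='rc
    return 1
  end
  return 0
```

Run the exec before starting the AT-TLS groups, with ICSF already active, so the first FIPS140 handshake does not fail on an ICSF authorization check.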


Product Synonym

ZOSCS COMMSERVER

Document Information

Modified date:
18 April 2015

UID

dwa1187021