IBM Support

How do I configure AT-TLS to support FIPS 140-2?

Question & Answer


Question

How do I configure AT-TLS to support FIPS 140-2?

Answer

To configure AT-TLS to support FIPS 140-2, specify On, Level1, Level2, or Level3 on the FIPS140 statement of the TTLSGroupAction statement:

  • On: Indicates that FIPS 140 is supported for this group and enforces 80-bit security strength for all operations.

  • Level1: Functionally equivalent to 'On'.

  • Level2: Indicates that FIPS 140 is supported for this group and uses 112-bit security strength when generating new keys, digital signatures, and RSA encryption. However, it allows 80-bit security strength for digital signature verification, RSA decryption, and Triple DES decryption when processing information that was protected by the TLS peer.

  • Level3: Indicates that FIPS 140 is supported for this group and enforces 112-bit or higher security strength for all operations. 80-bit security strength is not allowed for any operation.

Requirement: ICSF must be active before starting AT-TLS groups configured to support FIPS140.

If the RACF® CSFSERV class is defined, the user ID associated with the TCP/IP stack and any application user ID that is using the TTLSGroup must be given READ access to the CSFRNG resource within the CSFSERV class. If the CSFSERV class is defined and Diffie-Hellman is being used, the application user ID must be given READ access to the CSF1TRC, CSF1DVK, CSF1GKP, CSF1GSK, CSF1GAV, and CSF1TRD resources within the CSFSERV class.
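The following is an added example, not IBM's code: a Python audit that reads a Policy Agent configuration, reports the security strength each TTLSGroupAction gets from its FIPS140 value as described above, and builds the RACF PERMIT commands for the CSFSERV access listed. The sample policy, the group names, and the user IDs TCPIP and WEBSRV are constructed; treating a group with no FIPS140 statement as not FIPS-enabled is this example's assumption.

```python
import re

# FIPS140 value -> (bits enforced when generating/protecting, bits accepted from the peer)
LEVELS = {"on": (80, 80), "level1": (80, 80), "level2": (112, 80), "level3": (112, 112)}
DH_RESOURCES = ["CSF1TRC", "CSF1DVK", "CSF1GKP", "CSF1GSK", "CSF1GAV", "CSF1TRD"]
BLOCK = re.compile(r"TTLSGroupAction\s+(\S+)\s*\{([^}]*)\}", re.I)
FIPS = re.compile(r"^\s*FIPS140\s+(\S+)", re.I | re.M)

def audit_groups(policy_text):
    """Map each group name to (generate_bits, accept_bits); None = assumed not FIPS-enabled."""
    text = re.sub(r"#[^\n]*", "", policy_text)  # drop comments before matching blocks
    found = {}
    for name, body in BLOCK.findall(text):
        m = FIPS.search(body)
        found[name] = LEVELS.get(m.group(1).lower()) if m else None
    return found

def below_strength(policy_text, min_bits=112):
    """Names of groups that are not FIPS-enabled or still accept less than min_bits."""
    return sorted(n for n, bits in audit_groups(policy_text).items()
                  if bits is None or min(bits) < min_bits)

def racf_permits(stack_id, app_ids, uses_dh):
    """RACF PERMIT commands for the CSFSERV READ access described above."""
    fmt = "PERMIT {} CLASS(CSFSERV) ID({}) ACCESS(READ)"
    cmds = [fmt.format("CSFRNG", u) for u in [stack_id, *app_ids]]
    if uses_dh:  # Diffie-Hellman resources apply to the application user IDs
        cmds += [fmt.format(r, u) for u in app_ids for r in DH_RESOURCES]
    return cmds

# Constructed sample policy; group names are hypothetical.
SAMPLE_POLICY = """
TTLSGroupAction grpLegacy
{
  TTLSEnabled On
}
TTLSGroupAction grpInterop
{
  TTLSEnabled On
  FIPS140 Level2   # 112-bit outbound, 80-bit accepted from peer
}
TTLSGroupAction grpStrict
{
  TTLSEnabled On
  FIPS140 Level3
}
"""

print(below_strength(SAMPLE_POLICY), *racf_permits("TCPIP", ["WEBSRV"], True), sep="\n")
```

If the CSFSERV class is RACLISTed, follow the PERMIT commands with `SETROPTS RACLIST(CSFSERV) REFRESH` so the new access takes effect.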


Product Synonym

ZOSCS COMMSERVER

Document Information

Modified date:
05 October 2017

UID

dwa1187050