IBM Support

PM93363: NIST 800-131A MODE SUPPORT FOR Z/VM SSL SERVER

A fix is available


APAR status

  • Closed as new function.

Error description

  • The z/VM SSL Server does not currently have a mechanism to
    enforce an asymmetric key size minimum value of 2048.  This
    enforcement is a requisite for compliance to NIST Special
    Publication 800-131a.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users of the z/VM TCP/IP feature that    *
    *                 use the z/VM SSL Server.                     *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION: APPLY PTF                                    *
    ****************************************************************
    NIST Special Publication 800-131A is a newer standard for key
    use in cryptographic operations which mandates restrictions on
    the use of previously permissible key lengths. Specifically,
    lengths of asymmetric keys are required to be at least 2048 and
    a hash in the SHA-2 family is recommended by this standard.
    
    The z/VM SSL Server currently does not have an internal
    mechanism or option for restricting asymmetric key usage. The
    previously available 'FIPS' mode will only restrict keys less
    than 1024 in length, but this is not sufficient to meet newer
    standards.
    

Problem conclusion

Temporary fix

Comments

  • The z/VM SSL Server has been updated to accept a new operand
    'MODE' as part of its VMSSL or DTCPARMS start-up processing.
    This option accepts one of two keywords as parameters:
    'FIPS-140-2' (which replaces the existing 'FIPS' operand) and
    'NIST-800-131A'. This latter mode changes the operational
    behavior of the SSL Server as follows:
    
     1. All connections must use TLS 1.2. All other protocols
        are disabled.
     2. All asymmetric keys must be 2048 in length and either
        RSA or Diffie-Hellman.
     3. SHA-256 is the minimum required hash for a digital
        certificate.
    
    The SSLADMIN EXEC has been updated to reflect 'Cryptographic
    Modes' enabled and disabled via the SSLADMIN QUERY STATUS
    DETAILS command.
    
    The z/VM 6.3 TCP/IP Planning and Customization Guide (SC24-6238-04)
    will be updated as follows:
    
    1. The 'VMSSL Command' syntax diagram (page 532) will be updated
    to reflect the 'MODE' operand. On the following pages, the
    'Operands' list will be updated to describe the MODE operand in
    detail, as follows:
    
    MODE
      establishes a baseline of functionality for the entire SSL
      Server. The values that can be specified are:
    
      FIPS-140-2
       indicates that the SSL server should operate according to
       Federal Information Processing Standard (FIPS) 140-2. This
       mode allows only TLS protocols to be used, and restricts the
       usage of some cipher suites.
       Operand MODE FIPS-140-2 is equivalent to setting operand
       FIPS.
    
      NIST-800-131A
       indicates that the SSL server should operate according to
       NIST Special Publication 800-131a. This requires the use of
       TLS 1.2, restricts the usage of certain cipher suites, and
       mandates the use of RSA or Diffie-Hellman keys of 2048 or
       greater for all secure connections.
    
     Note:
     * MODE can be specified multiple times to enable available
       standards of operation. In cases where multiple standards are
       enabled, the maximum common subset of functionality will be
       enabled.
     * MODE FIPS-140-2 is the preferred method of enabling
       FIPS-compliant behavior for the SSL server; it should replace
       the use of the FIPS operand.
     * If MODE NIST-800-131A is enabled, all protocols other than
       TLS 1.2 will be automatically disabled.  TLS 1.2 must still
       be enabled using the PROTOCOL operand.
     * Specifying MODE FIPS-140-2 requires that the SSL server be
       associated with a FIPS-compliant certificate database.
    
    Tables 36 and 37, regarding SSLV2, SSLV3, and TLS Cipher Suite
    values, will be updated to indicate whether a cipher suite is
    associated with either cryptographic mode (or both). This will
    provide an easier reference for determining whether the setting
    of the MODE operand is compatible with local security policy.
    The existing Table 38, which highlighted FIPS-compliant cipher
    suites specifically, will be deleted.
    
    The SSLADMIN QUERY command description on pages 554 and 555 will
    be updated to display the new 'Cryptographic Mode details' field
    of SSLADMIN QUERY STATUS DETAILS, which will appear as follows:
    
        DTCSSL2430I Cryptographic Mode details:
        Server    State:   Modes:
        --------- -------- -----------------------------------------
        <*ALL*>   Enabled  FIPS-140-2
        <*ALL*>   Disabled NIST-800-131A
        SSL00005 <*Data Not Available*>
        SSL00004 <*Data Not Available*>
    
    A description of the header fields will follow on page 556,
    as follows:
    
      The fields of the "Cryptographic Mode details" portion of this
      response supply the following information:
    
      Server   Identifies an SSL server name, or is the value
               <*ALL*>, which represents all SSL servers.
      State    Indicates whether listed cryptographic modes
               are enabled for, or disabled from, use by an
               SSL server.
      Modes    One or more cryptographic modes of operation,
               such as FIPS 140-2 or NIST SP 800-131A.
    
    In the same section, the SSLADMIN QUERY STATUS SUMMARY example
    text will be updated to note a changed header field,
    "Mode(s) Configured", which replaces a FIPS-specific indicator.
    
    The z/VM 6.3 TCP/IP Messages and Codes manual (GC24-6237-03)
    will be updated to provide the following new messages, under
    'SSL Server Messages' in Chapter 17:
    
      DTCSSL104I Operating in NIST SP 800-131a mode
      Explanation:  The SSL server has been started in NIST SP
      800-131a compliant mode.
      System action:  Server operations continue.
      System programmer response:  None.
    
      DTCSSL105I Not operating in NIST SP 800-131a mode
      Explanation:  The SSL server has not been started in
      NIST SP 800-131a compliant mode.
      System action:  Server operations continue.
      System programmer response:  None.
    
      DTCSSL506E Key exchange lengths less than 2048 are not
      supported in NIST 800-131A mode
    
      Explanation:  For security reasons, RSA or DSA key exchange
      lengths of less than 2048 bits are not permitted when
      MODE NIST-800-131A is specified.
    
      System action:  Server operations continue. The subject
      secure connection is terminated.
    
      System programmer response:  Obtain a new certificate from the
      appropriate Certifying Authority (CA) to use in place of the
      current certificate.  Install the replacement certificate in
      the key database and make any necessary configuration changes
      (inclusive of an SSLADMIN REFRESH command, if appropriate).
      Then, confirm that secure connections can be established with
      the new certificate in place.
    
    In the same section, messages DTCSSL101I and DTCSSL102I will
    be updated to fix a documentation error, correcting the spelling
    of "FIPS 104-2" to "FIPS 140-2".
    
    The z/VM 6.3 TCP/IP Messages and Codes manual (GC24-6237-03)
    will be updated to provide the following new messages, under
    'SSLADMIN and VMSSL Messages' in Chapter 17:
    
    DTCSSL2464W Only TLS V1.2 may be used in NIST
                SP 800-131A mode. All other protocols
                have been disabled.
    Explanation: For security reasons, the SSL Server
    disables SSLv2, SSLv3, TLS 1.0, and TLS 1.1 when
    operating in NIST SP 800-131a mode. This is managed
    internally by the SSL Server and cannot be overridden.
    System action: None.
    System programmer response: None.
    
    DTCSSL2465W FIPS operand is deprecated; the
    MODE operand should be used instead.
    Explanation: The MODE operand replaces the FIPS
    operand. This message is issued when the FIPS
    operand is specified during initialization of the SSL
    System action: None.
    System programmer response: Specify MODE
    FIPS-140-2 instead of FIPS on the VMSSL command or
    in DTCPARMS.
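As an added example (not IBM's code, and not part of the APAR), the following model applies the MODE rules documented above: it combines MODE and PROTOCOL operands the way the text states (maximum common subset; TLS 1.2 must still be enabled by PROTOCOL) and evaluates a handshake's protocol, key algorithm and length, and certificate hash against the result, reporting the DTCSSL506E condition for undersized keys. The rule-table layout, function names, protocol and algorithm spellings, and the assumption that FIPS-140-2 mode does not restrict key algorithms are constructed here.

```python
# Added example (not IBM's code): a model of the VMSSL MODE policy described
# in this APAR. Rule values come from the APAR text; the table layout, function
# names, name spellings and the FIPS-140-2 key-algorithm set are assumptions.
ALL_PROTOCOLS = {"SSLV2", "SSLV3", "TLS1.0", "TLS1.1", "TLS1.2"}
ALL_KEY_ALGS = {"RSA", "DH", "DSA"}
HASH_BITS = {"SHA-1": 160, "SHA-224": 224, "SHA-256": 256,
             "SHA-384": 384, "SHA-512": 512}

# Per-mode constraints: FIPS-140-2 allows only TLS protocols and (as the old
# FIPS operand did) rejects keys under 1024 bits; NIST-800-131A allows only
# TLS 1.2, RSA or Diffie-Hellman keys of 2048+ bits and SHA-256+ certificates.
MODE_RULES = {
    "FIPS-140-2":    {"protocols": {"TLS1.0", "TLS1.1", "TLS1.2"},
                      "min_key_bits": 1024, "key_algs": set(ALL_KEY_ALGS),
                      "min_hash_bits": 0},
    "NIST-800-131A": {"protocols": {"TLS1.2"},
                      "min_key_bits": 2048, "key_algs": {"RSA", "DH"},
                      "min_hash_bits": 256},
}

def effective_policy(modes, protocol_operands):
    """Combine MODE operands as the APAR describes: with several modes enabled
    only the maximum common subset remains. protocol_operands models the separate
    PROTOCOL operand, which must still enable TLS 1.2 under NIST-800-131A."""
    policy = {"protocols": set(protocol_operands) & ALL_PROTOCOLS,
              "min_key_bits": 0, "key_algs": set(ALL_KEY_ALGS), "min_hash_bits": 0}
    for mode in modes:
        rule = MODE_RULES[mode]
        policy["protocols"] &= rule["protocols"]
        policy["key_algs"] &= rule["key_algs"]
        policy["min_key_bits"] = max(policy["min_key_bits"], rule["min_key_bits"])
        policy["min_hash_bits"] = max(policy["min_hash_bits"], rule["min_hash_bits"])
    return policy

def check_connection(policy, protocol, key_alg, key_bits, cert_hash):
    """Return [] if the handshake parameters satisfy the policy, otherwise
    the reasons the SSL server would terminate the connection."""
    reasons = []
    if protocol not in policy["protocols"]:
        reasons.append(f"protocol {protocol} is disabled")
    if key_alg not in policy["key_algs"]:
        reasons.append(f"key algorithm {key_alg} is not permitted")
    if key_bits < policy["min_key_bits"]:  # the DTCSSL506E condition
        reasons.append(f"DTCSSL506E: key length {key_bits} < {policy['min_key_bits']}")
    if HASH_BITS.get(cert_hash, 0) < policy["min_hash_bits"]:
        reasons.append(f"certificate hash {cert_hash} is below SHA-256")
    return reasons
```

A configuration that specifies MODE NIST-800-131A without TLS 1.2 in its PROTOCOL operand yields an empty protocol set, which is the misconfiguration the Note above warns about.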
    

APAR Information

  • APAR number

    PM93363

  • Reported component name

    TCP/IP V2 FOR V

  • Reported component ID

    5735FAL00

  • Reported release

    630

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-07-18

  • Closed date

    2013-11-13

  • Last modified date

    2014-05-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UI12490

Modules/Macros

  • DTCUME   DTCUMEB  QUERY    SSLADMIN SSLADMIO
    SSLADMNP SSLCIPHS SSLCTLIO SSLDSPTC SSLGSKCF SSLPARGS SSLREPRT
    SSLSTART SSLTRSIT VMSSL
    

Publications Referenced
SC24-6238-04, GC24-6237-03

Fix information

  • Fixed component name

    TCP/IP V2 FOR V

  • Fixed component ID

    5735FAL00

Applicable component levels

  • R630 PSY UI12490

       UP13/11/13 P 1401


Document Information

Modified date:
28 May 2014