Description: As of z/OS V2R1, FIPS140 support now requires ICSF services. Ensure ICSF is started before starting AT-TLS groups with FIPS140 support enabled. ICSF services will be used for random number generation and for Diffie Hellman support for generating key parameters, key pairs and key exchanges.
Element or feature: | Communications Server |
When change was introduced: | z/OS V2R1 |
Applies to migration from: | z/OS V1R13 and z/OS V1R12. |
Timing: | Before the first IPL of z/OS V2R1. |
Is the migration action required? | Yes, if AT-TLS groups are configured in FIPS 140 mode. |
Target system hardware requirements: | None. |
Target system software requirements: | None. |
Other system (coexistence or fallback) requirements: | None. |
Restrictions: | None. |
System impacts: | The AT-TLS group will be installed but inactive. |
Related IBM Health Checker for z/OS check: | None. |
Reference information: See "FIPS 140-2 support" in z/OS V2R1.0 Communications Server: IP Configuration Guide.