Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Algorithms and key sizes z/OS Cryptographic Services System SSL Programming SC14-7495-00 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
When executing in FIPS mode, System SSL continues to take advantage of the CP Assist for Cryptographic Function (CPACF) when available. Hardware cryptographic functions allowed in FIPS mode support clear keys and secure PKCS #11 keys. Secure keys stored in the PKDS are not supported. Table 1 summarizes the differences
between FIPS mode and non-FIPS mode algorithm support. Hardware availability
depends on the processor and CPACF feature installed. See Using cryptographic features with System SSL for more information about processors,
CPACF algorithm availability, and cryptographic card support.
Note: NIST SP800-131 recommended transition key sizes RSA
>= 2048 and DSA 2048 are not enforced by System SSL. Enforcement is
the responsibility of the calling application or system administrator.
|
Copyright IBM Corporation 1990, 2014
|