z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


EZD1917I

z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
SC27-3655-01

EZD1917I
IKE status for stack tcpname is FIPS140 enabled but IKED is not FIPS140 enabled

Explanation

The Federal Information Processing Standard 140 (FIPS 140) function is enabled for the named TCP/IP stack, but it is not enabled for the IKE daemon. The Internet Key Exchange (IKE) daemon is not permitted to provide cryptographic services to the stack.

In the message text:
tcpname
The name of the affected TCP/IP stack.

System action

The IKE daemon will not perform Security Association (SA) negotiation or any other cryptographic services for the specified stack. IKE daemon processing continues.

Operator response

Contact the system programmer.

System programmer response

Stacks that are enabled for FIPS 140 support require that the IKE daemon also be enabled for FIPS 140 support.

The stack configuration, the IP security policy for the stack, the IKE daemon configuration, and the NSS server configuration must all be consistent. To understand the implications and requirements for enabling FIPS 140 support in your environment, see the information about FIPS 140 and IP security in z/OS Communications Server: IP Configuration Guide.

User response

Not applicable.

Problem determination

None.

Source

z/OS® Communications Server TCP/IP: IKE daemon

Module

stackobj.cpp

Routing code

11

Descriptor code

7

Automation

This message is output to syslog.

Example

EZD1917I IKE status for stack TCPCS is FIPS140 enabled but IKED is not FIPS140  enabled.
Parent topic: EZD1xxxx messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014