SP800-131A compliance

SP800-131A compliance strengthens security by requiring the use of stronger cryptographic keys and more robust algorithms.

Note: SP800-131A compliance is supplied in APAR PM98779, PTF UK98510.
To specify that SP800-131A transition or strict compliance is required, set the Java system property com.ibm.jsse2.sp800-131 as follows:
com.ibm.jsse2.sp800-131=<transition|strict|off>
Set the property for the Java client application in local mode and the Gateway daemon in remote mode. For strict support on an SSL connection between a Java client application and the Gateway daemon, both the Java client application and Gateway daemon must specify com.ibm.jsse2.sp800-131=strict.

For strict support with .NET clients, the SslGatewayConnection must be configured to use TLS 1.2. The protocol can be set with the EnabledSslProtocols property or the CtgSslProtocols application configuration setting.

If you use cipher suites that use AES_256, the Gateway JVM must be updated with the Unrestricted JCE policy files placed in the directory. To obtain the Unrestricted JCE policy files and for more information, see IBM SDK Policy Files.
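The following preflight check is an added example, not code from CICS Transaction Gateway or IBM. It reports whether the JVM it runs in has com.ibm.jsse2.sp800-131 set to one of the documented values, offers TLSv1.2 when strict is requested, and allows 256-bit AES keys when AES_256 cipher suites are planned. The class name, method name and the --aes256 argument are hypothetical, and the TLSv1.2 check for strict mode is an assumption based on the .NET client requirement stated above.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

// Added example (hypothetical names). Run inside the same JVM configuration
// as the Java client application or Gateway daemon, for example:
//   java -Dcom.ibm.jsse2.sp800-131=strict Sp800131Preflight --aes256
public class Sp800131Preflight {
    static final String PROP = "com.ibm.jsse2.sp800-131";
    static final List<String> MODES = Arrays.asList("transition", "strict", "off");

    // Returns one finding per problem; an empty list means no problem was found.
    static List<String> check(String mode, String[] protocols,
                              int maxAesBits, boolean needAes256) {
        List<String> findings = new ArrayList<String>();
        if (mode == null) {
            findings.add(PROP + " is not set");
        } else if (!MODES.contains(mode)) {
            // Compared exactly as the values are written in the documentation.
            findings.add(PROP + " has an unrecognised value: " + mode);
        }
        if ("strict".equals(mode) && !Arrays.asList(protocols).contains("TLSv1.2")) {
            findings.add("strict requested, but this JVM does not offer TLSv1.2");
        }
        if (needAes256 && maxAesBits < 256) {
            // A restricted JCE policy caps the AES key length below 256 bits.
            findings.add("AES_256 cipher suites need the Unrestricted JCE policy"
                    + " files; maximum AES key length is " + maxAesBits + " bits");
        }
        return findings;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String mode = System.getProperty(PROP);
        String[] protocols =
                SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
        int maxAesBits = Cipher.getMaxAllowedKeyLength("AES");
        boolean needAes256 = args.length > 0 && "--aes256".equals(args[0]);

        List<String> findings = check(mode, protocols, maxAesBits, needAes256);
        for (String finding : findings) {
            System.err.println("FAIL: " + finding);
        }
        if (findings.isEmpty()) {
            System.out.println("OK: " + PROP + "=" + mode);
        }
        System.exit(findings.isEmpty() ? 0 : 1);
    }
}
```

The check only confirms that the property is visible to the JVM and that the runtime can satisfy it; both ends of the connection still have to specify strict, as described above.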

CICS Transaction Gateway supports SP800-131a strict mode on IPIC SSL connections in local and remote mode to CICS Transaction Server and TXSeries versions which also support SP800-131a strict mode. This includes support for requests from WebSphere Application Server using the CICS ECI resource adapter.

For more information, see the National Institute of Standards and Technology (NIST) Special Publication 800-131A at http://csrc.nist.gov/publications/nistpubs/800-131A/SP800-131A.pdf


Last updated: Tuesday, 19 November 2013


https://ut-ilnx-r4.hursley.ibm.com/tgzos_latest/help/topic/com.ibm.cics.tg.zos.doc//ctgzos/SP800.html