FIPS 140-2 level 1 support in z/OS System SSL requires z/OS 1.10 with the fixes for APAR OA26457, or z/OS 1.11 or later. Additional fixes and z/OS configuration changes are also required.
In particular, the operating system must include the Cryptographic Services Security Level 3 (FMID JCPT391) component of z/OS System SSL.
z/OS AT-TLS uses z/OS System SSL. For z/OS 1.12 and later, AT-TLS provides the following features in support of FIPS 140-2 compliance:
A configuration parameter to request that System SSL uses only FIPS 140-2 compliant encryption methods
Symbolic names for recent encryption methods such as those using AES-256 bit encryption
For earlier version of z/OS, you can enforce the use of FIPS-compliant encryption by specifying the candidate encryption methods as hexadecimal codes rather than symbolic names.
For more information about achieving FIPS 140-2 Level 1 compliance with System SSL, see the following IBM publications:
Cryptographic Services System Secure Sockets Layer Programming
APAR OA26457 System Secure Sockets Layer Programming