Product Lifecycle
Abstract
This tech note describes the configuration that is required in IBM Tivoli Directory Server V6.3.0.17 (and later fix levels) for the transition to NIST SP 800-131A.
Content
Overview
National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131A guidelines provide cryptographic key management guidance. These guidelines include:
- Key management procedures.
- How to use cryptographic algorithms.
- Algorithms to use and their minimum strengths.
- Key lengths for secure communications.
Suite B mode is a restrictive subset of the SP 800-131A specification. Suite B defines the cryptographic algorithm policies to use with the Transport Layer Security (TLS) protocol for national security applications.
Government agencies and financial institutions use the NIST SP 800-131A guidelines to ensure that the products conform to specified security requirements.
Support for the transition to NIST SP 800-131A
For the transition to NIST SP 800-131A guidelines, IBM Tivoli Directory Server V6.3.0.17 (and later fix levels including the latest recommended fix level) supports:
- The Transport Layer Security (TLS) 1.2 protocol.
- Disabling protocols other than TLS 1.2.
- Public keys with the following key strengths:
- The RSA keys with a minimum size of 2048 bits.
- The elliptic curve (EC) keys with a minimum size of 160-bits or curve p160.
- Certificates with the RSA keys 2048-bits or higher or with the EC keys 160-bits or curve p160 or higher.
- Digital signatures with a minimum of SHA2 encryption algorithm.
- Setting the TLS 1.2 signature and hash algorithm restrictions.
- Suite B mode.
For more information about how to configure Tivoli Directory Server, version 6.3.0.17 (and later fix levels) to support the transition to NIST SP 800-131A, see the Support for NIST SP 800-131A guide.
[{"Product":{"code":"SSVJJU","label":"IBM Security Directory Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"6.3","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21610440