TLS and SSL

The Transport Layer Security (TLS) protocol provides data encryption, data origin authentication, and message integrity. It also provides server and client authentication using X.509 certificates. TLS begins with a handshake during which the server is authenticated to the client using X.509 certificates. Optionally, the client can also be authenticated to the server using X.509 certificates. During the handshake, the TLS protocol version and security session parameters, including suites of cryptographic algorithms called cipher suites, are negotiated and session keys are created. After the handshake, the data is protected during transmission with data origin authentication, integrity and encryption using the session keys.

The cryptographic algorithms that are used for the TLS session are based on the cipher suite that the server and client negotiate. During the TLS handshake, the client and server exchange a list of cipher suites. The suite that is selected is based on the best match between the client list and the server list. You can limit the selectable algorithms by configuring a subset of allowable algorithms at the server. TLS supports cipher suites that include AES-based encryption and a variety of other encryption algorithms. Cryptographic hardware features like CPACF and Crypto Express adapters, if available, are used to accelerate certain cryptographic operations.

TLS typically requires a server X.509 certificate and associated private key, which are stored in a keystore such as a SAF key ring, a gskkyman key database, or a Java™ keystore. The certificate is used as part of the TLS handshake server authentication process. The client validates the server certificate. TLS optionally uses a client X.509 certificate that is used as part of the TLS handshake client authentication process. In order to use client authentication, the client must have a client X.509 certificate and associated private key. Successful client authentication requires that the Certificate Authority (CA) that signed the client certificate be considered trusted by the server. To be considered trusted, the certificate of the CA must be in the key store of the server.

See Transport Layer Security for detailed information on obtaining certificates.

TLS is based on the Secure Sockets Layer (SSL) protocol and is defined by the Internet Engineering Task Force (IETF) in RFCs 2246 (TLSv1.0), 4346 (TLSv1.1), and 5246 TLSv1.2) and 8446 (TLSv1.3). SSL was originally defined as a proprietary protocol, not by the IETF. Since TLS evolved from SSL, the two terms are used interchangeably throughout this book. When a specific TLS or SSL protocol version is intended, it will be specifically noted.

On z/OS® there are two different TLS implementations. System SSL, a component of the Cryptographic Services element, provides a full set of TLS APIs for C and C++ programs. For Java programs, z/OS provides a full function Java Secure Sockets Extension (JSSE) provider. z/OS Communications Server's AT-TLS support uses System SSL for its TLS protocol processing.