Transport Layer Security (TLS) for IP connections
TLS is a cryptographic protocol that secures connections over an Internet Protocol network. It is used for web sessions and for IPIC sessions. In both cases there is a client that initiates a request and a server that provides the response; CICS can operate as either the client or the server. A TLS session has two protocols: a handshake protocol, which establishes a secret key, and a record protocol, which encrypts the data that flows in the session.
TLS is the modern version of a protocol originally called Secure Sockets Layer (SSL). SSL protocols are no longer supported, but the term is sometimes used interchangeably with TLS, especially in API options and resource definitions.
The TLS handshake is where the client and server agree on the characteristics of the session: the TLS protocol level and a cipher. The protocol level that is used is the highest level that both sides support. The cipher that is selected is the first cipher in the list supplied by the server that the client also supports, so the server's list order decides which common cipher is used. If no common protocol level or cipher is identified, a connection cannot be made. The exact mechanism of the handshake depends on the protocol level. The sections The TLS 1.2 handshake and The TLS 1.3 handshake show how the configurable parameters flow between the client and the server.
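The negotiation rules above (highest common protocol level, first entry in the server's cipher list that the client also offers, failure when nothing is common) as an added, constructed simulation; this is not CICS code, the protocol ordering and cipher names are assumed for illustration, and it follows the page's simplified rule rather than the full per-version cipher-suite handling of real TLS 1.3:

```python
"""Simulate the TLS negotiation rules described on this page (constructed
example, not CICS code): protocol level = highest level both sides support;
cipher = first entry in the SERVER's list that the client also offers."""

# Protocol levels from lowest to highest. SSL levels appear only so that a
# client offering nothing newer is correctly rejected by a TLS-only server.
PROTOCOL_ORDER = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


class HandshakeFailure(Exception):
    """No common protocol level or cipher: the connection cannot be made."""


def negotiate_protocol(client_protocols, server_protocols):
    """Return the highest protocol level supported by both sides."""
    common = set(client_protocols) & set(server_protocols)
    if not common:
        raise HandshakeFailure("no common protocol level")
    return max(common, key=PROTOCOL_ORDER.index)


def negotiate_cipher(client_ciphers, server_ciphers):
    """Server order decides: first server entry that the client also offers.
    The client's own ordering is deliberately ignored (server preference)."""
    offered = set(client_ciphers)
    for cipher in server_ciphers:
        if cipher in offered:
            return cipher
    raise HandshakeFailure("no common cipher")


def negotiate(client_protocols, client_ciphers, server_protocols, server_ciphers):
    """Run both negotiations; returns (protocol_level, cipher) or raises."""
    level = negotiate_protocol(client_protocols, server_protocols)
    cipher = negotiate_cipher(client_ciphers, server_ciphers)
    return level, cipher


if __name__ == "__main__":
    # Constructed sample: the client lists a weak cipher first, but the
    # server's list puts the AEAD suite first, so that is what gets used.
    print(negotiate(["TLSv1.2", "TLSv1.3"],
                    ["AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"],
                    ["TLSv1.2"],
                    ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]))
```

Putting a cipher at the top of the server list is therefore the lever that decides what a mixed client population actually negotiates; a client that offers only ciphers absent from the server list fails the handshake rather than downgrading.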
For a more in-depth view of the TLS protocol, including keys and message authentication codes (MACs), see TLS 1.2 Protocol and TLS 1.3 Protocol in the IBM SDK Java™ Technology Edition documentation.
The TLS 1.2 handshake
[Swimlane diagram and description of the TLS 1.2 handshake: not preserved in this extraction]
The TLS 1.3 handshake
[Swimlane diagram and description of the TLS 1.3 handshake: not preserved in this extraction]