Enabling TLS Connection between IBM AD Build and IBM AD Connect for Mainframe
About this task
For IBM® AD V5.1.0.4 and earlier versions, the communication between IBM AD Build and IBM AD Connect for Mainframe is unencrypted socket session. Beginning with version 5.1.0.5, the optional secure communication, which uses the Transport Layer Security (TLS) protocol, is supported by using the Application Transparent Transport Layer Security (AT-TLS) feature of IBM z/OS® Communication Server.
The TLS protocol is a client or server cryptographic protocol. It is based on the earlier Secure Sockets Layer (SSL) specifications that are developed by Netscape Corporation for securing communications that use Transmission Control Protocol/Internet Protocol (TCP/IP) sockets. The TLS and SSL protocols are designed to run at the application level. Therefore, typically, an application must be designed and coded to use TLS/SSL protection. OpenSSL is an open source implementation of the SSL and TLS protocols. It is widely used on most Unix-like platforms and Microsoft Windows systems. OpenSSL supports the full suite of SSL and TLS protocols (SSL V2, SSL V3, TLS V1.0, TLS V1.1, and TLS V1.2 as of this writing), including a robust set of application programming interfaces (APIs) and a wide range of cryptographic primitives.
IBM AD Build can establish a secure communication with the mainframe host by using the OpenSSL toolkit. OpenSSL provides a wide range of configuration settings to customize the connection. IBM AD Build Client supports some of these settings. You can specify the values in a .ini file that is located in the IBM AD Build Client installation folder.
On the host side, the communication is handled by using IBM AT-TLS services. Before you configure IBM AD Build to enable TLS connection, make sure to complete the AT-TLS setup for IBM AD Connect for Mainframe. For instructions, see the Enabling TLS connection between IBM AD Build and IBM AD Connect for Mainframe topic in IBM AD Connect for Mainframe Configuration Guide.