How an SSL connection is established

An SSL connection is established through a handshake (a series of communications exchanges) between the client and the server.

SSL handshake

The following diagram shows what happens during an SSL handshake:

Figure 1. SSL handshake
  1. The client sends a request to the server for a secure session. The server responds by sending its X.509 digital certificate to the client.
  2. The client receives the server's X.509 digital certificate.
  3. The client authenticates the server, using a list of known certificate authorities.
  4. The client generates a random symmetric key and encrypts it using the server's public key.
  5. The client and server now both know the symmetric key and can use the SSL encryption process to encrypt and decrypt the information contained in the client request and the server response.

CICS® Transaction Gateway supports the JSSE implementation of SSL. JSSE as supplied with the Java SDK is the only supported option. For more information, see Security.

Authentication

During server authentication, a connection is only established if the client trusts the server based on the information presented by the server to the client in its certificate.

During client authentication (if activated) the client sends its certificate information to the server. A connection is then only established if the client trusts the server and the server trusts the client, based on the information exchanged in both certificates.
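
The following JSSE client is an added example, not code from the product documentation. It shows where the trusted certificate authorities (server authentication) and the client's own certificate (client authentication) enter the handshake. The class name, the store file names client-trust.p12 and client-key.p12, and the password are assumptions; the host and port are passed on the command line.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class HandshakeDemo {
    // Load a PKCS12 store; file names and password are placeholders (assumptions).
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        char[] pw = "changeit".toCharArray(); // placeholder password

        // Server authentication: the list of known certificate authorities.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("client-trust.p12", pw));

        // Client authentication: certificate and private key that the client
        // presents only if the server asks for a client certificate.
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("client-key.p12", pw), pw);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // SSLSocket does not match the certificate to the host name unless asked.
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");
            s.setSSLParameters(p);

            // The handshake runs here; an untrusted server certificate raises
            // SSLHandshakeException and no connection is established.
            s.startHandshake();

            SSLSession session = s.getSession();
            X509Certificate server = (X509Certificate) session.getPeerCertificates()[0];
            System.out.println(session.getProtocol() + " / " + session.getCipherSuite());
            System.out.println("Server: " + server.getSubjectX500Principal());
            System.out.println("Issuer: " + server.getIssuerX500Principal());
            System.out.println("Client certificate sent: " + (session.getLocalCertificates() != null));
        }
    }
}
```

Run it as `java HandshakeDemo <host> <port>`; the last line printed shows whether the server requested client authentication and the client supplied a certificate.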