Secure sockets layer (SSL) and Transport Layer Security (TLS)

SSL provides security for your interactions by securing the TCP/IP connection between SOAP Gateway and IMS Connect.

TLS is the successor to the SSL protocol. TLS V1.0 was the first version, succeeding SSL V3.0. New TLS versions continue to be defined by the Internet Engineering Task Force (IETF), and the TLS protocol maintains compatibility modes for the earlier SSL protocol.

The TLS protocol defined in RFC 2246 provides communications privacy over the Internet. The protocol enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery. The client contacts the server and begins an exchange known as a handshake, which enables the client and server to authenticate to each other and agree on the type of encryption that is used during the session. All data exchanged between the client and server during the session is encrypted and cannot be read by a third party. In addition, the protocol includes a message integrity check to ensure the integrity and reliability of transmitted data.

The term SSL is often used to refer to this entire family of protocols. Unless otherwise specified, this convention is used in this set of information.

With the evolution of the web and on-demand information, data security has become critical for Internet users. The Secure Sockets Layer (SSL) protocol ensures that the transfer of sensitive information over the Internet is secure. SSL protects information from:
  • Internet eavesdropping
  • Data theft
  • Traffic analysis
  • Data modification
  • Trojan horse browser or server

SOAP Gateway communicates with IMS Connect through TCP/IP sockets. SSL can be used to secure the TCP/IP communication between the two entities. The SSL support provided by SOAP Gateway and IMS Connect uses a combination of public and private keys with symmetric key encryption schemes to achieve client and server authentication, data confidentiality, and integrity. SSL rests on top of the TCP/IP communication protocol and allows an SSL-enabled server to authenticate itself to an SSL-enabled client and vice versa.

For the SSL connection between SOAP Gateway and IMS Connect, SOAP Gateway is considered the client and IMS Connect is considered the server. After authentication is complete, the server and client can establish an encrypted connection that also preserves the privacy and integrity of the data.

SOAP Gateway supports the use of the Application Transparent TLS (AT-TLS) feature in IBM® z/OS® Communications Server for SSL protocol handling. Therefore, any SSL or TLS version that the AT-TLS feature supports, including TLS V1.0, TLS V1.1, and SSL V3.0, is supported.