SSL/TLS APIs

Table 1 lists the updates to the System SSL application interface for SSL/TLS application programming interfaces (APIs).

Table 1. Summary of changes to z/OS SSL/TLS APIs
| API | Release | Description | Reason for change |
|---|---|---|---|
| gsk_attribute_get_buffer() | z/OS® V2R1 | Changed: Added support for new buffer attribute GSK_SUITE_B_CIPHERS. | Suite B for TLS |
| gsk_attribute_get_buffer() | z/OS V1R13 with APAR OA39422 | Changed: Added support for new buffer attribute GSK_TLS_SIG_ALG_PAIRS. Enhanced existing buffer value, GSK_CONNECT_SEC_TYPE, to return TLSV12 when a TLS V1.2 secure connection is established. | TLS V1.2 |
| gsk_attribute_get_buffer() | z/OS V1R13 | Changed: Added support for new buffer attributes GSK_CLIENT_ECURVE_LIST and GSK_V3_CIPHER_SPECS_EXPANDED. Enhanced existing buffer value, GSK_CONNECT_CIPHER_SPEC, to return 4-byte cipher values when 4-byte cipher support is enabled. | Elliptic Curve Cryptography for TLS |
| gsk_attribute_get_data() | z/OS V1R13 | Changed: Enhanced GSK_DATA_ID_SUPPORTED_KEYS to return a certificate list that is tailored for TLS V1.2. | TLS V1.2 |
| gsk_attribute_get_enum() | z/OS V2R1 | Changed: 1. Added support for new enum attribute GSK_CERT_VALIDATE_KEYRING_ROOT. Enhanced existing enum value, GSK_CERT_VALIDATION_MODE, to support mode setting to validate certificates according to RFC 5280. 2. Added support for new enum attribute GSK_SUITE_B_PROFILE. | 1. X.509 certificate validation enhancements 2. Suite B for TLS |
| gsk_attribute_get_enum() | z/OS V1R13 with APAR OA39422 | Changed: Added support for new enum attributes GSK_PROTOCOL_TLSV1_2 and GSK_V3_CIPHERS. Existing enum GSK_PROTOCOL_USED enhanced to return TLSV1.2. | TLS V1.2 |
| gsk_attribute_get_enum() | z/OS V1R12 | Changed: Added support for new enum attributes GSK_EXTENDED_RENEGOTIATION_INDICATOR, GSK_RENEGOTIATION, and GSK_RENEGOTIATION_PEER_CERT_CHECK. | RFC 5746 renegotiation |
| gsk_attribute_set_buffer() | z/OS V1R13 with APAR OA39422 | Changed: Added support for new buffer attribute GSK_TLS_SIG_ALG_PAIRS. | TLS V1.2 |
| gsk_attribute_set_buffer() | z/OS V1R13 | Changed: Added support for new buffer attributes GSK_CLIENT_ECURVE_LIST and GSK_V3_CIPHER_SPECS_EXPANDED. | Elliptic Curve Cryptography for TLS |
| gsk_attribute_set_callback() | z/OS V1R13 | Changed: GSK_SESSION_RESET_CALLBACK updated for TLS V1.2. | TLS V1.2 |
| gsk_attribute_set_enum() | z/OS V2R1 | Changed: 1. Added support for new enum attribute GSK_CERT_VALIDATE_KEYRING_ROOT. Enhanced existing enum value, GSK_CERT_VALIDATION_MODE, to support mode setting to validate certificates according to RFC 5280. 2. Added support for new enum attribute GSK_SUITE_B_PROFILE. | 1. X.509 certificate validation enhancements 2. Suite B for TLS |
| gsk_attribute_set_enum() | z/OS V1R13 with APAR OA39422 | Changed: Added support for new enum attribute GSK_PROTOCOL_TLSV1_2. | TLS V1.2 |
| gsk_attribute_set_enum() | z/OS V1R13 | Changed: Added support for new enum attribute GSK_V3_CIPHERS. | Elliptic Curve Cryptography for TLS |
| gsk_attribute_set_enum() | z/OS V1R12 | Changed: Added support for new enum attributes GSK_EXTENDED_RENEGOTIATION_INDICATOR, GSK_RENEGOTIATION, and GSK_RENEGOTIATION_PEER_CERT_CHECK. | RFC 5746 renegotiation |
| gsk_environment_open() | z/OS V2R1 | Changed: During establishment of the SSL environment, support was added for processing environment variable GSK_SUITE_B_PROFILE. | Suite B for TLS |
| gsk_environment_open() | z/OS V1R13 with APAR OA39422 | Changed: During establishment of the SSL environment, support was added for processing environment variables GSK_PROTOCOL_TLSV1_2 and GSK_TLS_SIG_ALG_PAIRS. | TLS V1.2 |
| gsk_environment_open() | z/OS V1R13 | Changed: During establishment of the SSL environment, support was added for processing environment variable GSK_V3_CIPHER_SPECS_EXPANDED. | Elliptic Curve Cryptography for TLS |
| gsk_get_all_cipher_suites() | z/OS V2R1 | Changed: Updated SSL run time level. | Release update |
| gsk_get_all_cipher_suites() | z/OS V1R13 | New: Returns the available SSL cipher suites. | Support for returning 2-byte and 4-byte cipher lists |
| gsk_get_cipher_suites() | z/OS V2R1 | Changed: Updated SSL run time level. | Release update |
| gsk_get_cipher_suites() | z/OS V1R13 | Changed: Updated SSL run time level. | Release update |
| gsk_get_ssl_vector() | z/OS V1R13 | Changed: Added GSK_SSL_LVL3 function mask. | Release update |
| gsk_secure_socket_init() | z/OS V2R1 | Changed: TLS V1.2 handshake performed according to Suite B profile definition. | Suite B for TLS |
| gsk_secure_socket_init() | z/OS V1R13 with APAR OA39422 | Changed: Updated to support TLS V1.2 secure connections. | TLS V1.2 |
| gsk_secure_socket_init() | z/OS V1R13 | Changed: Updated to support elliptic curve based TLS secure connections. | Elliptic Curve Cryptography for TLS |
| gsk_secure_socket_misc() | z/OS V1R13 with APAR OA39422 | Changed: Updated to support TLS V1.2 secure connections. | TLS V1.2 |
| gsk_secure_socket_read() | z/OS V1R13 with APAR OA39422 | Changed: Updated to support TLS V1.2 secure connections. | TLS V1.2 |
| gsk_secure_socket_shutdown() | z/OS V1R13 with APAR OA39422 | Changed: Updated to support TLS V1.2 secure connections. | TLS V1.2 |
| gsk_secure_socket_write() | z/OS V1R13 with APAR OA39422 | Changed: Updated to support TLS V1.2 secure connections. | TLS V1.2 |