SSL/TLS APIs

Table 1 lists the updates to the System SSL application interface for SSL/TLS application programming interfaces (APIs).

Table 1. Summary of changes to z/OS SSL/TLS APIs
| API | Release | Description | Reason for change |
|---|---|---|---|
| gsk_attribute_get_buffer() | z/OS V2R2 | Changed: 1. Updates to GSK_KEYRING_FILE. 2. Added support for GSK_PEER_ID and GSK_SID_VALUE. 3. Added support for timely revocation checking and revocation flexibility. | 1. PKCS #12 certificate storage; 2. Client session resumption enhancement; 3. Certificate revocation enhancement |
| gsk_attribute_get_buffer() | z/OS® V2R1 | Changed: Added support for new buffer attribute GSK_SUITE_B_CIPHERS. | Suite B for TLS |
| gsk_attribute_get_buffer() | z/OS V1R13 with APAR OA39422 | Changed: Added support for new buffer attribute GSK_TLS_SIG_ALG_PAIRS. Enhanced existing buffer value, GSK_CONNECT_SEC_TYPE, to return TLSV12 when a TLS V1.2 secure connection is established. | TLS V1.2 |
| gsk_attribute_get_buffer() | z/OS V1R13 | Changed: Added support for new buffer attributes GSK_CLIENT_ECURVE_LIST and GSK_V3_CIPHER_SPECS_EXPANDED. Enhanced existing buffer value, GSK_CONNECT_CIPHER_SPEC, to return 4-byte cipher values when 4-byte cipher support is enabled. | Elliptic Curve Cryptography for TLS |
| gsk_attribute_get_data() | z/OS V1R13 | Changed: Enhanced GSK_DATA_ID_SUPPORTED_KEYS to return a certificate list that is tailored for TLS V1.2. | TLS V1.2 |
| gsk_attribute_get_enum() | z/OS V2R2 | Changed: 1. Added support for GSK_REQ_CACHED_SESSION and GSK_ENABLE_CLIENT_SET_PEERID. 2. Added support for timely revocation checking and revocation flexibility. | 1. Client session resumption enhancement; 2. Certificate revocation enhancement |
| gsk_attribute_get_enum() | z/OS V2R1 | Changed: 1. Added support for new enum attribute GSK_CERT_VALIDATE_KEYRING_ROOT. Enhanced existing enum value, GSK_CERT_VALIDATION_MODE, to support mode setting to validate certificates according to RFC 5280. 2. Added support for new enum attribute GSK_SUITE_B_PROFILE. | 1. X.509 certificate validation enhancements; 2. Suite B for TLS |
| gsk_attribute_get_enum() | z/OS V1R13 with APAR OA39422 | Changed: Added support for new enum attributes GSK_PROTOCOL_TLSV1_2 and GSK_V3_CIPHERS. Existing enum GSK_PROTOCOL_USED enhanced to return TLSV1.2. | TLS V1.2 |
| gsk_attribute_get_numeric_value() | z/OS V2R2 | Added support for timely revocation checking and revocation flexibility. | Certificate revocation enhancement |
| gsk_attribute_set_buffer() | z/OS V2R2 | Changed: 1. Updates to GSK_KEYRING_FILE and GSK_KEYRING_PW. 2. Added support for GSK_PEER_ID and GSK_SID_VALUE. 3. Added support for timely revocation checking and revocation flexibility. | 1. PKCS #12 certificate storage; 2. Client session resumption enhancement; 3. Certificate revocation enhancement |
| gsk_attribute_set_buffer() | z/OS V1R13 with APAR OA39422 | Changed: Added support for new buffer attribute GSK_TLS_SIG_ALG_PAIRS. | TLS V1.2 |
| gsk_attribute_set_buffer() | z/OS V1R13 | Changed: Added support for new buffer attributes GSK_CLIENT_ECURVE_LIST and GSK_V3_CIPHER_SPECS_EXPANDED. | Elliptic Curve Cryptography for TLS |
| gsk_attribute_set_callback() | z/OS V2R2 | Changed: Updates to GSK_SNI_CALLBACK. | PKCS #12 certificate storage |
| gsk_attribute_set_callback() | z/OS V1R13 | Changed: GSK_SESSION_RESET_CALLBACK updated for TLS V1.2. | TLS V1.2 |
| gsk_attribute_set_enum() | z/OS V2R2 | Changed: 1. Updates to GSK_CERT_VALIDATE_KEYRING_ROOT. 2. Added support for GSK_REQ_CACHED_SESSION and GSK_ENABLE_CLIENT_SET_PEERID. 3. Added support for timely revocation checking and revocation flexibility. | 1. PKCS #12 certificate storage; 2. Client session resumption enhancement; 3. Certificate revocation enhancement |
| gsk_attribute_set_enum() | z/OS V2R1 | Changed: 1. Added support for new enum attribute GSK_CERT_VALIDATE_KEYRING_ROOT. Enhanced existing enum value, GSK_CERT_VALIDATION_MODE, to support mode setting to validate certificates according to RFC 5280. 2. Added support for new enum attribute GSK_SUITE_B_PROFILE. | 1. X.509 certificate validation enhancements; 2. Suite B for TLS |
| gsk_attribute_set_enum() | z/OS V1R13 with APAR OA39422 | Changed: Added support for new enum attribute GSK_PROTOCOL_TLSV1_2. | TLS V1.2 |
| gsk_attribute_set_enum() | z/OS V1R13 | Changed: Added support for new enum attribute GSK_V3_CIPHERS. | Elliptic Curve Cryptography for TLS |
| gsk_attribute_set_numeric_value() | z/OS V2R2 | Added support for timely revocation checking and revocation flexibility. | Certificate revocation enhancement |
| gsk_attribute_set_tls_extension() | z/OS V2R2 | Changed: Updates to GSK_TLS_EXTID_SNI_SERVER_LABELS. | PKCS #12 certificate storage |
| gsk_environment_init() | z/OS V2R2 | Changed: Added information on PKCS #12 files. | PKCS #12 certificate storage |
| gsk_environment_open() | z/OS V2R2 | Changed: 1. Updates to GSK_KEYRING_FILE and GSK_KEYRING_PW. 2. Added support for timely revocation checking and revocation flexibility. | 1. PKCS #12 certificate storage; 2. Certificate revocation enhancement |
| gsk_environment_open() | z/OS V2R1 | Changed: During establishment of the SSL environment, support was added for processing environment variable GSK_SUITE_B_PROFILE. | Suite B for TLS |
| gsk_environment_open() | z/OS V1R13 with APAR OA39422 | Changed: During establishment of the SSL environment, support was added for processing environment variables GSK_PROTOCOL_TLSV1_2 and GSK_TLS_SIG_ALG_PAIRS. | TLS V1.2 |
| gsk_environment_open() | z/OS V1R13 | Changed: During establishment of the SSL environment, support was added for processing environment variable GSK_V3_CIPHER_SPECS_EXPANDED. | Elliptic Curve Cryptography for TLS |
| gsk_get_all_cipher_suites() | z/OS V2R2 | Changed: Updated SSL run time level. | Release update |
| gsk_get_all_cipher_suites() | z/OS V2R1 | Changed: Updated SSL run time level. | Release update |
| gsk_get_all_cipher_suites() | z/OS V1R13 | New: Returns the available SSL cipher suites. | Support for returning 2-byte and 4-byte cipher lists |
| gsk_get_cipher_suites() | z/OS V2R2 | Changed: Updated SSL run time level. | Release update |
| gsk_get_cipher_suites() | z/OS V2R1 | Changed: Updated SSL run time level. | Release update |
| gsk_get_cipher_suites() | z/OS V1R13 | Changed: Updated SSL run time level. | Release update |
| gsk_get_ssl_vector() | z/OS V1R13 | Changed: Added GSK_SSL_LVL3 function mask. | Release update |
| gsk_get_update | z/OS V2R2 | Changed: Added information on PKCS #12 files. | PKCS #12 certificate storage |
| gsk_secure_socket_init() | z/OS V2R2 | Changed: 1. Added information on PKCS #12 files. 2. Added information on specifying a cached session. 3. Added support for timely revocation checking and revocation flexibility. | 1. PKCS #12 certificate storage; 2. Client session resumption enhancement; 3. Certificate revocation enhancement |
| gsk_secure_socket_init() | z/OS V2R1 | Changed: TLS V1.2 handshake performed according to Suite B profile definition. | Suite B for TLS |
| gsk_secure_socket_init() | z/OS V1R13 with APAR OA39422 | Changed: Updated to support TLS V1.2 secure connections. | TLS V1.2 |
| gsk_secure_socket_init() | z/OS V1R13 | Changed: Updated to support elliptic curve based TLS secure connections. | Elliptic Curve Cryptography for TLS |
| gsk_secure_socket_misc() | z/OS V2R2 | Changed: Added information on using this function when re-using cached sessions. | Client session resumption enhancement |
| gsk_secure_socket_misc() | z/OS V1R13 with APAR OA39422 | Changed: Updated to support TLS V1.2 secure connections. | TLS V1.2 |
| gsk_secure_socket_read() | z/OS V1R13 with APAR OA39422 | Changed: Updated to support TLS V1.2 secure connections. | TLS V1.2 |
| gsk_secure_socket_shutdown() | z/OS V1R13 with APAR OA39422 | Changed: Updated to support TLS V1.2 secure connections. | TLS V1.2 |
| gsk_secure_socket_write() | z/OS V1R13 with APAR OA39422 | Changed: Updated to support TLS V1.2 secure connections. | TLS V1.2 |