z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


TLS extensions

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

System SSL allows applications to specify TLS extensions that add functionality to the Transport Layer Security (TLS) protocol. TLS extensions may be set by both TLS clients and servers. The use of TLS extensions is compatible with earlier versions: communication is possible between TLS clients that support TLS extensions and TLS servers that do not support TLS extensions, and vice versa.

To use TLS extensions in a TLS client/server session, the gsk_attribute_set_tls_extension() SSL API must be used to define the extensions that the TLS client or server supports. TLS extensions may be defined:
  • After gsk_environment_open() is performed but before the gsk_environment_init() call
  • After gsk_secure_socket_open() is performed but before the gsk_secure_socket_init() call
TLS extensions that are defined for an SSL environment applies to all connections within the environment. Each connection can define additional TLS extensions to be used for that connection, or may override TLS extension settings that are defined for the environment. System SSL currently provides support for the following TLS extensions:
Truncated HMAC
Truncates the HMAC used to authenticate record layer communications to 80 bits
Maximum Fragment Length
Allows the client to use a fragment length smaller than the TLS default of 16,384 bytes when transmitting messages
Server Name Indication
Allows the client to tell the server the name of the server it wants to connect to
Parent topic: System SSL application programming considerations

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014