This topic describes how to write, build, and run a secure socket layer (SSL) application that uses the System SSL programming interfaces. You can write both client and server applications using the System SSL (TLS/SSL) programming interfaces.

In Version 1 Release 2 of z/OS®, a new set of functions were added that superseded some functions from previous System SSL releases. The functions that were superseded are referred to collectively as "the deprecated SSL interface". It is suggested that new application programs do not use the deprecated SSL interface. For a complete list and descriptions of the suggested APIs, see API reference. See Deprecated Secure Socket Layer (SSL) APIs for more information about deprecated APIs .

In addition to writing the SSL applications, you must have a certificate repository available for the application. The certificate repository can be a key database file, PKCS #11 token, or SAF key ring. See Certificate/Key management for details about creating and managing key database files or PKCS #11 tokens. For SAF key rings, see the RACDCERT command information in z/OS Security Server RACF Command Language Reference for more information.

Sample programs using the new APIs are shipped in /usr/lpp/gskssl/examples.