z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


API reference

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

This topic describes the set of application programming interfaces (APIs) that z/OS® System SSL supports for performing secure sockets layer (SSL/TLS) communication.

These APIs were introduced in z/OS Version 1 Release 2 and beyond and supersede the APIs from prior releases. Only the APIs in this topic should be used for writing new application programs. Existing application programs should be recoded if possible to use the new APIs. See Migrating from deprecated SSL interfaces for more information about updating your application programs.

The deprecated APIs included in Deprecated Secure Socket Layer (SSL) APIs are for reference only. When creating new application programs, you must not include any of the deprecated APIs; you should use only the APIs in this topic.

These provide more information about X.509 certificates and the Secure Sockets Layer protocol. System SSL only supports the PKCS versions that are indicated below. Make sure that you select the appropriate version of the document on the website.
Note: Copies of ANSI standards can be purchased from the American National Standards Institute (ANSI) web page at www.ansi.org.
  • ANSI: ANSI X9.31 - 1998 Digital Certificates Using Reversible Public Key Cryptography for the Financial Services Industry
  • ANSI: ANSI X9.62 - Elliptic Curve Digital Signature Algorithm
  • FIPS 186-2: Digital Signature Standard (DSS) (1024-bit and less)
  • FIPS 186-3: Digital Signature Standard (DSS) (1024-bit and greater)
  • PKCS #1, Version 2.1: RSA Encryption Standard
  • PKCS #3, Version 1.4: Diffie-Hellman Key Agreement Standard
  • PKCS #5, Version 2.0: Password-based Encryption
  • PKCS #7, Version 1.5 and 1.6: Cryptographic Message Syntax
  • PKCS #8, Version 1.2: Private Key Information Syntax
  • PKCS #10, Version 1.7: Certification Request
  • PKCS #12, Version 1.0: Personal Information Exchange
  • RFC 2246: The TLS Protocol Version 1.0
  • RFC 2253: UTF-8 String Representation of Distinguished Names
  • RFC 2279: UTF-8, a transformation format of ISO 10646
  • RFC 2459: X.509 certificate, certificate revocation list, and certificate extensions
  • RFC 2587: PKIX LDAP Version 2 Schema
  • RFC 2631: Diffie-Hellman Key Agreement Method
  • RFC 3268: Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
  • RFC 3280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
  • RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1
  • RFC 4366: Transport Layer Security (TLS) Extensions
  • RFC 4492: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)
  • RFC 5116: An Interface and Algorithms for Authenticated Encryption
  • RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2
  • RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
  • RFC 5288: AES Galois Counter Mode (GCM) Cipher Suites for TLS
  • RFC 5289: TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM))
  • RFC 5430: Suite B Profile for Transport Layer Security (TLS)
  • RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension
  • RFC 5480: Elliptic Curve Cryptography Subject Public Key Information

This is a list of APIs. Use these APIs when creating new application programs. If possible, recode your existing application programs to use these APIs as well:

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014