This topic describes the set of application programming interfaces (APIs) that z/OS® System SSL supports for performing secure sockets layer (SSL/TLS) communication. These APIs were introduced in z/OS Version 1 Release 2 and later releases, and they supersede the APIs from prior releases. Only the APIs in this topic should be used for writing new application programs. Existing application programs should be recoded, if possible, to use the new APIs. See Migrating from deprecated SSL interfaces for more information about updating your application programs.

The deprecated APIs included in Deprecated Secure Socket Layer (SSL) APIs are for reference only. When creating new application programs, you must not include any of the deprecated APIs; you should use only the APIs in this topic.

The following documents provide more information about X.509 certificates and the Secure Sockets Layer protocol. System SSL supports only the PKCS versions that are indicated below. Make sure that you select the appropriate version of the document on the website.

Note: Copies of ANSI standards can be purchased from the American National Standards Institute (ANSI) web page at www.ansi.org.
- ANSI: ANSI X9.31 - 1998 Digital Certificates Using Reversible Public Key Cryptography for the Financial Services Industry
- ANSI: ANSI X9.62 - Elliptic Curve Digital Signature Algorithm
- FIPS 186-2: Digital Signature Standard (DSS) (1024-bit and less)
- FIPS 186-3: Digital Signature Standard (DSS) (1024-bit and greater)
- PKCS #1, Version 2.1: RSA Encryption Standard
- PKCS #3, Version 1.4: Diffie-Hellman Key Agreement Standard
- PKCS #5, Version 2.0: Password-based Encryption
- PKCS #7, Version 1.5 and 1.6: Cryptographic Message Syntax
- PKCS #8, Version 1.2: Private Key Information Syntax
- PKCS #10, Version 1.7: Certification Request
- PKCS #12, Version 1.0: Personal Information Exchange
- RFC 2246: The TLS Protocol Version 1.0
- RFC 2253: UTF-8 String Representation of Distinguished Names
- RFC 2279: UTF-8, a transformation format of ISO 10646
- RFC 2459: X.509 certificate, certificate revocation list, and certificate extensions
- RFC 2587: PKIX LDAP Version 2 Schema
- RFC 2631: Diffie-Hellman Key Agreement Method
- RFC 3268: Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
- RFC 3280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
- RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1
- RFC 4366: Transport Layer Security (TLS) Extensions
- RFC 4492: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)
- RFC 5116: An Interface and Algorithms for Authenticated Encryption
- RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2
- RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
- RFC 5288: AES Galois Counter Mode (GCM) Cipher Suites for TLS
- RFC 5289: TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM)
- RFC 5430: Suite B Profile for Transport Layer Security (TLS)
- RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension
- RFC 5480: Elliptic Curve Cryptography Subject Public Key Information

This is a list of APIs. Use these APIs when creating new application programs. If possible, recode your existing application programs to use these APIs as well: