z/OS Cryptographic Services System SSL Programming


Migrating from deprecated SSL interfaces

SC14-7495-00

In Version 1 Release 2 of z/OS®, a new set of functions was added that superseded some functions from previous System SSL releases. The superseded functions are referred to collectively as "the deprecated SSL interface". It is suggested that new application programs do not use the deprecated SSL interface. For application programs that currently use the deprecated SSL interface, this topic describes how to migrate to the most recent interface.

Note: When migrating from the deprecated SSL interface, the entire System SSL application must be migrated. The application must not contain a mixture of deprecated and superseding APIs.

  • Replace manually initializing the gsk_init_data structure with gsk_environment_open(), plus a number of gsk_attribute_set_buffer(), gsk_attribute_set_enum() and gsk_attribute_set_numeric_value() functions (as needed) to set attributes.
  • Replace gsk_get_cipher_info() with a call to gsk_attribute_get_buffer() to get the list of available ciphers. This call must be done after a successful gsk_environment_open() call. The ciphers returned always represent the high security ciphers.
  • Replace gsk_initialize() with gsk_environment_init().
  • Replace manually initializing the gsk_soc_init_data structure with gsk_secure_socket_open(), plus a number of gsk_attribute_set_buffer(), gsk_attribute_set_enum() and gsk_attribute_set_numeric_value() functions (as needed) to set attributes.
  • Instead of manually initializing the gsk_soc_init_data structure with the addresses of your I/O callback routines, call gsk_attribute_set_callback(). You specify the address of a gsk_iocallback structure that contains the addresses of the callback routines. The gsk_iocallback structure is defined in gskssl.h. Note that an additional parameter must be added to the function declarator for your existing callback routines.
  • Replace gsk_user_set() with gsk_attribute_set_callback() for defining the address of your get peer ID callback routine. You specify the address of a gsk_iocallback structure that contains the address of the callback routine. The gsk_iocallback structure is defined in gskssl.h. Note that an additional parameter must be added to the function declarator for your existing callback routine.
  • Replace gsk_user_set() with gsk_attribute_set_callback() for defining the address of your session ID cache callback routines. You specify the address of a gsk_sidcache_callback structure that contains the addresses of the callback routines. The gsk_sidcache_callback structure is defined in gskssl.h.
  • Replace gsk_get_dn_by_label() with gsk_get_cert_by_label().
  • Replace gsk_secure_soc_init() with gsk_secure_socket_init().
  • Replace gsk_secure_soc_read() with gsk_secure_socket_read(). Note that gsk_secure_socket_read() has an extra parameter to return the length of the data read.
  • Replace gsk_secure_soc_write() with gsk_secure_socket_write(). Note that gsk_secure_socket_write() has an extra parameter to return the length of the data written.
  • To notify your partner application that you are done sending data on the secure connection, issue a call to gsk_secure_socket_shutdown() before the gsk_secure_socket_close() call.
  • Replace gsk_secure_soc_close() with gsk_secure_socket_close().
  • Be sure that every gsk_secure_socket_open() is matched with a gsk_secure_socket_close(), even if there is an error on gsk_secure_socket_init(). The normal sequence is open, init, close, so if init returns an error return code, you must still do the close.
  • Be sure that every gsk_environment_open() is matched with a gsk_environment_close(), even if there is an error on gsk_environment_init(). The normal sequence is open, init, close, so if init returns an error return code, you must still do the close.
  • A method is provided to display certificates after gsk_secure_socket_init() is issued. You may use gsk_attribute_get_cert_info(), if you prefer.
  • Note that all of the error return values are renamed and renumbered. Program logic must be changed accordingly.
  • There is a gsk_strerror() debug routine that returns a text string (in English only) when an error number is passed to it.
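
The handle lifecycle from the list above (open, init, shutdown, close, with each close issued even when init fails), as an added example that is not IBM's code. On z/OS it builds against gskssl.h; elsewhere, constructed stand-ins replace the library so the control flow can be run. The names secure_session(), report(), mock(), do_open() and do_close() are hypothetical, and keyring and session attributes are left as a comment.

```c
#include <stdio.h>
#ifdef __MVS__
#include <gskssl.h>            /* z/OS: real System SSL declarations */
#else   /* elsewhere: constructed stand-ins (not IBM code) to exercise the flow */
typedef void *gsk_handle;
enum { GSK_OK = 0, GSK_FD = 1 };              /* values constructed */
static int fail_step, opened, closed;         /* knobs for the stand-ins */
static int mock(int step) { return step == fail_step ? step : GSK_OK; }
static int do_open(gsk_handle *h, int step)
{ int rc = mock(step); if (rc == GSK_OK) { *h = &opened; opened++; } return rc; }
static int do_close(gsk_handle *h) { *h = NULL; closed++; return GSK_OK; }
static int gsk_environment_open(gsk_handle *e) { return do_open(e, 1); }
static int gsk_environment_init(gsk_handle e) { (void)e; return mock(2); }
static int gsk_secure_socket_open(gsk_handle e, gsk_handle *s)
{ (void)e; return do_open(s, 3); }
static int gsk_attribute_set_numeric_value(gsk_handle h, int id, int v)
{ (void)h; (void)id; (void)v; return mock(4); }
static int gsk_secure_socket_init(gsk_handle s) { (void)s; return mock(5); }
static int gsk_secure_socket_shutdown(gsk_handle s) { (void)s; return mock(6); }
static int gsk_secure_socket_close(gsk_handle *s) { return do_close(s); }
static int gsk_environment_close(gsk_handle *e) { return do_close(e); }
static const char *gsk_strerror(int rc) { (void)rc; return "constructed error"; }
#endif

/* Log a failing return code with the text gsk_strerror() gives for it. */
static int report(int rc) {
    if (rc != GSK_OK) fprintf(stderr, "System SSL rc %d: %s\n", rc, gsk_strerror(rc));
    return rc;
}

/* Returns GSK_OK or the first failing rc; every successful open gets its close. */
int secure_session(int fd) {
    gsk_handle env = NULL, soc = NULL;
    int rc = gsk_environment_open(&env);
    if (rc != GSK_OK) return report(rc);      /* no handle exists, nothing to close */
    /* environment attributes (gsk_attribute_set_buffer()/_enum()) are set here */
    rc = gsk_environment_init(env);
    if (rc == GSK_OK) rc = gsk_secure_socket_open(env, &soc);
    if (rc == GSK_OK) {                       /* socket handle exists from here on */
        rc = gsk_attribute_set_numeric_value(soc, GSK_FD, fd);
        if (rc == GSK_OK) rc = gsk_secure_socket_init(soc);
        if (rc == GSK_OK)                     /* read/write calls would precede this */
            rc = gsk_secure_socket_shutdown(soc);   /* tell the peer we are done */
        gsk_secure_socket_close(&soc);        /* issued even when init failed */
    }
    report(rc);
    gsk_environment_close(&env);              /* issued even when init failed */
    return rc;
}

int main(void) { return secure_session(0) != GSK_OK; }
```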





Copyright IBM Corporation 1990, 2014