Secure Sockets Layer (SSL) is a communications protocol that provides secure communications over an open communications network (for example, the Internet). The SSL protocol is a layered protocol that is intended to be used on top of a reliable transport, such as Transmission Control Protocol (TCP/IP). SSL provides data privacy and integrity including server and client authentication that is based on public key certificates. Once an SSL connection is established between a client and server, data communications between client and server are transparent to the encryption and integrity added by the SSL protocol. System SSL supports the SSL V2.0, SSL V3.0 and TLS (Transport Layer Security) V1.0, TLS V1.1, and TLS V1.2 protocols. TLS V1.2 is the latest version of the secure sockets layer protocol that is supported by System SSL.

z/OS® provides a set of SSL C/C++ callable application programming interfaces that, when used with the z/OS Sockets APIs, provide the functions that are required for applications to establish secure sockets communications.

In addition to providing the API interfaces to use the Secure Sockets Layer and Transport Layer Security protocols, System SSL is also providing a suite of Certificate Management APIs. These APIs give the capability to create/manage your own certificate databases, use certificates that are stored in key databases, key rings or tokens for purposes other than SSL and to build/process PKCS #7 standard messages.

In addition to providing APIs for applications to use for both SSL and certificate management support, System SSL also provides a certificate management utility called gskkyman. The gskkyman utility allows for the management of certificates that are stored in a key database file or z/OS PKCS #11 token.

System SSL is designed to meet the Federal Information Processing Standard - FIPS 140-2 criteria. See System SSL and FIPS 140-2 for more information.