AT-TLS currency with System SSL
z/OS® V2R5 Communications Server provides AT-TLS support for RFC 7627 "Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension". RFC 7627 defines an extended master secret extension. The extension is used to negotiate whether an extended master secret computation will be used for a TLSv1.2 or earlier handshake.
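The difference between the standard and the extended master secret computation, shown as an added example (not IBM or System SSL code). It assumes a TLSv1.2 cipher suite whose PRF hash is SHA-256; the handshake messages, randoms and premaster secret are constructed placeholders, not real wire encodings.

```python
import hashlib
import hmac

def prf_sha256(secret: bytes, label: bytes, seed: bytes, length: int = 48) -> bytes:
    """TLS 1.2 PRF (RFC 5246 section 5) with HMAC-SHA256."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def legacy_master_secret(pms: bytes, hs: dict) -> bytes:
    # RFC 5246: only the premaster secret and the two hello randoms are mixed in.
    return prf_sha256(pms, b"master secret", hs["client_random"] + hs["server_random"])

def extended_master_secret(pms: bytes, hs: dict) -> bytes:
    # RFC 7627: session_hash covers every handshake message from ClientHello
    # up to and including ClientKeyExchange.
    session_hash = hashlib.sha256(b"".join(hs["messages"])).digest()
    return prf_sha256(pms, b"extended master secret", session_hash)

def make_handshake(certificate: bytes) -> dict:
    # Constructed stand-in for a transcript; not real TLS wire encoding.
    cr, sr = b"\x11" * 32, b"\x22" * 32
    return {"client_random": cr, "server_random": sr,
            "messages": [b"ClientHello" + cr, b"ServerHello" + sr,
                         b"Certificate" + certificate, b"ClientKeyExchange"]}

def compare() -> dict:
    pms = bytes(range(48))  # constructed premaster secret
    a, b = make_handshake(b"server-cert-A"), make_handshake(b"server-cert-B")
    return {
        "legacy_equal": legacy_master_secret(pms, a) == legacy_master_secret(pms, b),
        "extended_equal": extended_master_secret(pms, a) == extended_master_secret(pms, b),
        "length": len(extended_master_secret(pms, a)),
    }

if __name__ == "__main__":
    print(compare())
```

Two handshakes that share a premaster secret and hello randoms but present different certificates derive the same master secret under the standard computation and different ones under the extended computation, because the latter is bound to the full handshake transcript.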
Using AT-TLS currency with System SSL
Incompatibility: TLSv1.3 does not use the extended master secret extension to negotiate whether an extended master secret computation will be used or not. The same protection provided by the extended master secret computation is built into the base TLSv1.3 support.
To enable AT-TLS currency with System SSL, perform the tasks in Table 1.
| Task/Procedure | Reference |
|---|---|
| Review the options for enabling AT-TLS support for the Extended Master Secret extension and computation. By default, the support is enabled for AT-TLS clients and servers. | |
| Display AT-TLS policy using the z/OS UNIX pasearch command to query information from the Policy Agent. | The z/OS UNIX pasearch command: Display policies in z/OS Communications Server: IP System Administrator's Commands |
| Display AT-TLS policy for an active connection using the Netstat TTLS/-x command. | Netstat TTLS/-x report in z/OS Communications Server: IP System Administrator's Commands |
To find all related topics about AT-TLS currency with System SSL, see Table 2.
| Book name | Topics |
|---|---|
| z/OS Communications Server: IP System Administrator's Commands | |
| z/OS Communications Server: IP Configuration Reference | |