Secure sockets

Currently, you have two methods to create secure socket applications on the i5/OS operating system. The SSL_ APIs and Global Secure Toolkit (GSKit) APIs provide communications privacy over an open communications network, which in most cases is the Internet.

These APIs allow client/server applications to communicate in a way that prevents eavesdropping, tampering, and message forgery. Both the SSL_ APIs and Global Secure Toolkit (GSKit) APIs support server and client authentication, and both allow an application to use the Secure Sockets Layer (SSL) protocol. However, GSKit APIs are supported for all IBM systems, while the SSL_ APIs exist only in the i5/OS operating system. To enhance portability across systems, it is suggested that you use GSKit APIs when developing applications for secure socket connections.

Overview of secure sockets

Originally developed by Netscape, the Secure Sockets Layer (SSL) protocol is a layered protocol to be used on top of a reliable transport, such as Transmission Control Protocol (TCP), to provide secure communications for an application. A few of the many applications that require secure communications are Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Telnet.

An SSL-enabled application typically needs to use a different port from an application that is not SSL-enabled. For example, an SSL-enabled browser accesses an SSL-enabled HTTP Server with a Universal Resource Locator (URL) that begins with https rather than http. In most cases, a URL of https attempts to open a connection to port 443 of the server system instead of to port 80 that the standard HTTP Server uses.

There are multiple versions of the SSL protocol defined. The latest version, Transport Layer Security (TLS) Version 1.0, provides an evolutionary upgrade from SSL Version 3.0. Both SSL_ APIs and the GSKit APIs support TLS Version 1.0, TLS Version 1.0 with SSL Version 3.0 compatibility, SSL Version 3.0, SSL Version 2.0, and SSL Version 3.0 with 2.0 compatibility. For more details on TLS Version 1.0, see RFC 2246: "Transport Layer Security".
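The protocol versions and compatibility modes listed above can be told apart from the first bytes a client sends, which is useful when auditing which versions peers still offer. The following C sketch is an added example, not IBM code, and does not use the SSL_ or GSKit APIs; the enum labels and function names are hypothetical, and the sample byte prefixes are constructed rather than captured.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical labels for this example; not GSKit or SSL_ API constants. */
enum hello_kind { HELLO_UNKNOWN, HELLO_SSL2, HELLO_SSL2FMT_SSL3,
                  HELLO_SSL2FMT_TLS1, HELLO_SSL3, HELLO_TLS1 };

/* Map a 2-byte protocol version to a label; v2fmt selects the compatibility labels. */
static enum hello_kind by_version(uint8_t major, uint8_t minor, int v2fmt)
{
    if (major == 0x03 && minor == 0x00) return v2fmt ? HELLO_SSL2FMT_SSL3 : HELLO_SSL3;
    if (major == 0x03 && minor == 0x01) return v2fmt ? HELLO_SSL2FMT_TLS1 : HELLO_TLS1;
    if (v2fmt && major == 0x00 && minor == 0x02) return HELLO_SSL2;
    return HELLO_UNKNOWN;
}

/* Classify the first bytes a client sends on a new connection. */
enum hello_kind classify_hello(const uint8_t *b, size_t n)
{
    if (b == NULL || n < 5) return HELLO_UNKNOWN;
    /* SSL 3.0 / TLS record: type 0x16 (handshake), record version, 2-byte length,
       then handshake type 0x01 (client_hello), 3-byte length, client_version. */
    if (b[0] == 0x16 && b[1] == 0x03)
        return (n >= 11 && b[5] == 0x01) ? by_version(b[9], b[10], 0) : HELLO_UNKNOWN;
    /* SSL 2.0 record: high bit set in a 2-byte length, message type 0x01
       (CLIENT-HELLO), then the highest version the client offers. */
    if ((b[0] & 0x80) && b[2] == 0x01)
        return by_version(b[3], b[4], 1);
    return HELLO_UNKNOWN;
}

/* Constructed sample prefixes (not captured traffic). */
const uint8_t sample_tls1[]  = {0x16,0x03,0x01,0x00,0x2d,0x01,0x00,0x00,0x29,0x03,0x01};
const uint8_t sample_ssl3[]  = {0x16,0x03,0x00,0x00,0x2d,0x01,0x00,0x00,0x29,0x03,0x00};
const uint8_t sample_v2_v3[] = {0x80,0x2e,0x01,0x03,0x00};
const uint8_t sample_v2[]    = {0x80,0x2e,0x01,0x00,0x02};

int main(void)
{
    static const char *names[] = {"unknown", "SSL 2.0", "SSL 2.0 format offering SSL 3.0",
                                  "SSL 2.0 format offering TLS 1.0", "SSL 3.0", "TLS 1.0"};
    printf("%s\n", names[classify_hello(sample_tls1, sizeof sample_tls1)]);
    printf("%s\n", names[classify_hello(sample_ssl3, sizeof sample_ssl3)]);
    printf("%s\n", names[classify_hello(sample_v2_v3, sizeof sample_v2_v3)]);
    printf("%s\n", names[classify_hello(sample_v2, sizeof sample_v2)]);
    return 0;
}
```

A plaintext HTTP request sent to the SSL port by mistake begins with an ASCII method name, so it matches neither record format and is classified as unknown.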