Application compatibility with AT-TLS

Most applications can use AT-TLS. However, some applications should not be configured to use AT-TLS. Any application that is already configured to use SSL or TLS protocols should not use AT-TLS. Use of AT-TLS would result in encrypting data that is already encrypted. The receiving partner would not be able to decipher the data that had been encrypted twice. If the application can be configured to use clear text or the application uses the SIOCTTLSCTL ioctl, AT-TLS can provide support.

TCP/IP applications that already support the TLS protocol include:

• TN3270E Telnet server

  Use the TTLSPort statement to configure the TN3270E Telnet server to support AT-TLS. See the information about configuring Telnet security using AT-TLS under Transport Layer Security.

• FTP server

  Code the TLSMECHANISM statement in FTP.DATA to configure the FTP server to support AT-TLS. See Steps for migrating the FTP server and client to use AT-TLS.

• FTP client

  Code the TLSMECHANISM statement in FTP.DATA to configure the FTP client to support AT-TLS. See Steps for migrating the FTP server and client to use AT-TLS.

• Sendmail
• DCAS (Express® Logon server)

  Code the TLSMECHANISM statement in the DCAS configuration file to configure the DCAS server to support AT-TLS. See Customizing DCAS for TLS/SSL.

AT-TLS does not support web servers using the Fast Response Cache Accelerator (FRCA) support in TCP/IP. AT-TLS ignores policy for connections using FRCA. The sockets are treated as if they did not match any AT-TLS rules.

AT-TLS does not support applications that use the Pascal sockets API. AT-TLS ignores all Pascal sockets. The sockets are treated as if they did not match any AT-TLS rules. TCP/IP applications that use the Pascal API include:

• TSO TN3270E Telnet client
• SMTP server
• LPD server