• Abstract for Cryptographic Services System Secure Sockets Layer Programming
    • z/OS Version 2 Release 1 summary of changes
  • Introduction
    • Software dependencies
    • Installation information
      • System SSL parts shipped in the UNIX System Services file system
      • System SSL parts shipped in PDS and PDSE
  • How System SSL works for secure socket communication
    • Using System SSL on z/OS
    • System SSL application overview
  • Using cryptographic features with System SSL
    • Guidelines for using hardware cryptographic features
    • Overview of hardware cryptographic features and System SSL
    • Random byte generation support
    • Elliptic Curve Cryptography support
    • Diffie-Hellman key agreement
    • RACF CSFSERV resource requirements
    • PKCS #11 and Setting CLEARKEY resource within CRYPTOZ class
    • PKCS #11 Cryptographic operations using ICSF handles
  • System SSL and FIPS 140-2
    • Algorithms and key sizes
    • Random byte generation
    • Diffie-Hellman key agreement
    • Certificates
    • SSL/TLS protocol
    • System SSL module verification setup
      • Performance guideline
    • Certificate stores
      • SAF key rings and PKCS #11 tokens
        • Key database files
    • Application changes
    • SSL started task
      • Sysplex session ID cache
  • Writing and building a z/OS System SSL application
    • Writing a System SSL source program
      • Create an SSL environment
      • System SSL server program
      • System SSL client program
    • Building a z/OS System SSL application
    • Running a z/OS System SSL application
    • System SSL application programming considerations
      • Non-Blocking I/O
        • Non-Blocking socket primer
        • Affected SSL functions
          • Enable/disable non-blocking mode
          • Differences in SSL and unsecured non-blocking mode
      • Client authentication certificate selection
      • I/O routine replacement
        • Callback routine for I/O
      • Use of user data
      • Session ID (SID) cache
        • Session ID (SID)
        • Session ID cache replacement
          • Format
          • Callbacks
          • Parameters
      • Session renegotiation notification
      • TLS extensions
        • Setting server side extensions
        • Setting client side extensions
      • Suite B cryptography support
  • Migrating from deprecated SSL interfaces
  • API reference
    • gsk_attribute_get_buffer()
    • gsk_attribute_get_cert_info()
    • gsk_attribute_get_data()
    • gsk_attribute_get_enum()
    • gsk_attribute_get_numeric_value()
    • gsk_attribute_set_buffer()
    • gsk_attribute_set_callback()
    • gsk_attribute_set_enum()
    • gsk_attribute_set_numeric_value()
    • gsk_attribute_set_tls_extension()
    • gsk_environment_close()
    • gsk_environment_init()
    • gsk_environment_open()
    • gsk_free_cert_data()
    • gsk_get_all_cipher_suites()
    • gsk_get_cert_by_label()
    • gsk_get_cipher_suites()
    • gsk_get_ssl_vector()
    • gsk_get_update()
    • gsk_list_free()
    • gsk_secure_socket_close()
    • gsk_secure_socket_init()
    • gsk_secure_socket_misc()
    • gsk_secure_socket_open()
    • gsk_secure_socket_read()
    • gsk_secure_socket_shutdown()
    • gsk_secure_socket_write()
    • gsk_strerror()
  • Certificate Management Services (CMS) API reference
    • gsk_add_record()
    • gsk_change_database_password()
    • gsk_change_database_record_length()
    • gsk_close_database()
    • gsk_close_directory()
    • gsk_construct_certificate()
    • gsk_construct_private_key()
    • gsk_construct_private_key_rsa()
    • gsk_construct_public_key()
    • gsk_construct_public_key_rsa()
    • gsk_construct_renewal_request()
    • gsk_construct_self_signed_certificate()
    • gsk_construct_signed_certificate()
    • gsk_copy_attributes_signers()
    • gsk_copy_buffer()
    • gsk_copy_certificate()
    • gsk_copy_certificate_extension()
    • gsk_copy_certification_request()
    • gsk_copy_content_info()
    • gsk_copy_crl()
    • gsk_copy_name()
    • gsk_copy_private_key_info()
    • gsk_copy_public_key_info()
    • gsk_copy_record()
    • gsk_create_certification_request()
    • gsk_create_database()
    • gsk_create_database_renewal_request()
    • gsk_create_database_signed_certificate()
    • gsk_create_renewal_request()
    • gsk_create_self_signed_certificate()
    • gsk_create_signed_certificate()
    • gsk_create_signed_certificate_record()
    • gsk_create_signed_certificate_set()
    • gsk_create_signed_crl()
    • gsk_create_signed_crl_record()
    • gsk_decode_base64()
    • gsk_decode_certificate()
    • gsk_decode_certificate_extension()
    • gsk_decode_certification_request()
    • gsk_decode_crl()
    • gsk_decode_import_certificate()
    • gsk_decode_import_key()
    • gsk_decode_name()
    • gsk_decode_private_key()
    • gsk_decode_public_key()
    • gsk_delete_record()
    • gsk_dn_to_name()
    • gsk_encode_base64()
    • gsk_encode_certificate_extension()
    • gsk_encode_ec_parameters()
    • gsk_encode_export_certificate()
    • gsk_encode_export_key()
    • gsk_encode_export_request()
    • gsk_encode_name()
    • gsk_encode_private_key()
    • gsk_encode_public_key()
    • gsk_encode_signature()
    • gsk_export_certificate()
    • gsk_export_certification_request()
    • gsk_export_key()
    • gsk_factor_private_key()
    • gsk_factor_private_key_rsa()
    • gsk_factor_public_key()
    • gsk_factor_public_key_rsa()
    • gsk_fips_state_query()
    • gsk_fips_state_set()
    • gsk_free_attributes_signers()
    • gsk_free_buffer()
    • gsk_free_certificate()
    • gsk_free_certificates()
    • gsk_free_certificate_extension()
    • gsk_free_certification_request()
    • gsk_free_content_info()
    • gsk_free_crl()
    • gsk_free_crls()
    • gsk_free_decoded_extension()
    • gsk_free_name()
    • gsk_free_private_key()
    • gsk_free_private_key_info()
    • gsk_free_public_key()
    • gsk_free_public_key_info()
    • gsk_free_record()
    • gsk_free_records()
    • gsk_free_string()
    • gsk_free_strings()
    • gsk_generate_key_agreement_pair()
    • gsk_generate_key_pair()
    • gsk_generate_key_parameters()
    • gsk_generate_random_bytes()
    • gsk_generate_secret()
    • gsk_get_certificate_algorithms()
    • gsk_get_certificate_info()
    • gsk_get_cms_vector()
    • gsk_get_default_key()
    • gsk_get_default_label()
    • gsk_get_directory_certificates()
    • gsk_get_directory_crls()
    • gsk_get_directory_enum()
    • gsk_get_ec_parameters_info()
    • gsk_get_record_by_id()
    • gsk_get_record_by_index()
    • gsk_get_record_by_label()
    • gsk_get_record_by_subject()
    • gsk_get_record_labels()
    • gsk_get_update_code()
    • gsk_import_certificate()
    • gsk_import_key()
    • gsk_make_content_msg()
    • gsk_make_data_content()
    • gsk_make_data_msg()
    • gsk_make_encrypted_data_content()
    • gsk_make_encrypted_data_msg()
    • gsk_make_enveloped_data_content()
    • gsk_make_enveloped_data_content_extended()
    • gsk_make_enveloped_data_msg()
    • gsk_make_enveloped_data_msg_extended()
    • gsk_make_enveloped_private_key_msg()
    • gsk_make_signed_data_content()
    • gsk_make_signed_data_content_extended()
    • gsk_make_signed_data_msg()
    • gsk_make_signed_data_msg_extended()
    • gsk_make_wrapped_content()
    • gsk_mktime()
    • gsk_modify_pkcs11_key_label()
    • gsk_name_compare()
    • gsk_name_to_dn()
    • gsk_open_database()
    • gsk_open_database_using_stash_file()
    • gsk_open_directory()
    • gsk_open_keyring()
    • gsk_perform_kat()
    • gsk_query_crypto_level()
    • gsk_query_database_label()
    • gsk_query_database_record_length()
    • gsk_rdtime()
    • gsk_read_content_msg()
    • gsk_read_data_content()
    • gsk_read_data_msg()
    • gsk_read_encrypted_data_content()
    • gsk_read_encrypted_data_msg()
    • gsk_read_enveloped_data_content()
    • gsk_read_enveloped_data_content_extended()
    • gsk_read_enveloped_data_msg()
    • gsk_read_enveloped_data_msg_extended()
    • gsk_read_signed_data_content()
    • gsk_read_signed_data_content_extended()
    • gsk_read_signed_data_msg()
    • gsk_read_signed_data_msg_extended()
    • gsk_read_wrapped_content()
    • gsk_receive_certificate()
    • gsk_replace_record()
    • gsk_set_default_key()
    • gsk_set_directory_enum()
    • gsk_sign_certificate()
    • gsk_sign_crl()
    • gsk_sign_data()
    • gsk_validate_certificate()
    • gsk_validate_certificate_mode()
    • gsk_validate_hostname()
    • gsk_validate_server()
    • gsk_verify_certificate_signature()
    • gsk_verify_crl_signature()
    • gsk_verify_data_signature()
  • Deprecated Secure Socket Layer (SSL) APIs
    • gsk_free_memory()
    • gsk_get_cipher_info()
    • gsk_get_dn_by_label()
    • gsk_initialize()
    • gsk_secure_soc_close()
    • gsk_secure_soc_init()
    • gsk_secure_soc_read()
    • gsk_secure_soc_reset()
    • gsk_secure_soc_write()
    • gsk_srb_initialize()
    • GSKSRBRD
    • GSKSRBWT
    • gsk_uninitialize()
    • gsk_user_set()
  • Certificate/Key management
    • Introduction
    • gskkyman Overview
    • Setting up the environment to run gskkyman
    • Key database files
    • z/OS PKCS #11 tokens
    • gskkyman interactive mode descriptions
      • Database menu
      • Key/Token management
        • Key Management menu/Token management menu
          • Manage Keys and Certificates
          • Manage certificates
          • Manage certificate requests
          • Create new certificate request
          • Receive requested certificate or a renewal certificate
          • Create a self-signed certificate
          • Import a certificate
          • Import a certificate and a private key
          • Show the default key
          • Store database password
          • Show database record length
    • gskkyman interactive mode examples
      • Starting gskkyman
      • Creating, opening, and deleting a key database file
      • Changing a key database password
      • Storing an encrypted key database password
      • Creating, opening, and deleting a z/OS PKCS #11 token
      • Creating a self-signed server or client certificate
      • Creating a certificate request
      • Sending the certificate request
      • Receiving the signed certificate or renewal certificate
      • Managing keys and certificates
        • Showing certificate/key information
        • Marking a certificate (and private key) as the default certificate
        • Copying a certificate (and private key) to a different key database or z/OS PKCS #11 token
          • Copying a certificate without its private key
          • Copying a certificate with its private key
          • Copying a certificate and its private key from a key database on the same system
          • Copying a certificate and its private key from a z/OS PKCS #11 token on the same system
        • Removing a certificate (and private key)
        • Changing a certificate label
        • Creating a signed certificate and key
        • Creating a signed ECC certificate and key
        • Creating a certificate to be used with a fixed Diffie-Hellman key exchange
        • Creating a certificate renewal request
      • Importing a certificate from a file as a trusted CA certificate
      • Importing a certificate from a file with its private key
      • Using gskkyman to be your own certificate authority (CA)
      • Migrating from key database files to z/OS PKCS #11 token
      • Migrating key database files to RACF key rings
    • gskkyman command line mode syntax
      • gskkyman
      • gskkyman command line mode examples
      • gskkyman command line mode displays
  • SSL started task
    • GSKSRVR environment variables
    • Configuring the SSL started task
    • Server operator commands
    • Sysplex session cache support
    • Component trace support
    • Hardware cryptography failure notification
  • Obtaining diagnostic information
    • Obtaining System SSL trace information
      • Capturing trace data through environment variables
    • Component trace support
    • Capturing component trace data
    • Displaying the trace data
    • Event trace records for System SSL
    • Capturing component trace data without an external writer
  • Messages and codes
    • SSL function return codes
      • 1
    • Deprecated SSL function return codes
      • 1
    • ASN.1 status codes (014CExxx)
      • 014CE001
    • CMS status codes (03353xxx)
      • 03353001
    • SSL started task messages (GSK01nnn)
      • GSK01001I
    • Utility messages (GSK00nnn)
      • GSK00001E
  • Environment variables
  • Sample C++ SSL files
  • Cipher suite definitions
  • Object identifiers