Secure Sockets APIs
Secure sockets consists of the following APIs:
The IBM i Global Secure Toolkit (GSKit) and IBM i SSL_ application programming interfaces (APIs) are sets of functions that, when used with the IBM i sockets APIs, are designed to enable and facilitate secure communications between processes on a network. The GSKit APIs are the preferred set of APIs for enabling an application to use Secure Sockets Layer/Transport Layer Security (SSL/TLS). The SSL_ APIs can also be used to enable an application to use the SSL/TLS protocol.
SSL provides communications privacy over an open communications network (that is, the Internet). The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery. SSL connection security has three basic properties:
- The connection is private. Encryption using secret keys is used to encrypt and decrypt the data. The secret keys are generated on a per SSL session basis using an SSL handshake protocol. An SSL handshake is a series of protocol packets sent in a particular sequence, which use asymmetric cryptography to establish an SSL session. Symmetric cryptography is used for application data encryption and decryption.
- The peer's identity can be authenticated using asymmetric, or public key, cryptography.
- The connection is reliable. Message transport includes a message integrity check using a keyed Message Authentication Code (MAC). Secure hash functions are used for MAC computations.
When creating ILE programs or service programs that use the IBM i GSKit or SSL_ APIs, you do not need to explicitly bind to the secure sockets service program QSYS/QSOSSLSR because it is part of the system binding directory.
The GSKit and SSL_ API documentation describes the GSKit and SSL_ APIs only. It does not include any information about how to configure or obtain the cryptographic objects, such as a key ring file or certificate, that are required to fully enable an application for SSL. Some cryptographic objects, such as certificate store files, are required parameters for GSKit and SSL_ APIs. Information about how to configure the cryptographic objects required for the IBM i secure socket APIs, or how to configure a secure web server, which also uses the secure socket APIs, can be found in the following references:
- IBM HTTP Server for i
- Secure Sockets Layer in the information center Security category (SSL prerequisites discusses what you must install and configure before using secure sockets.)
- Cryptography
For background information about GSKit and SSL_ APIs, see:
- Secure sockets in the Socket programming topic collection