Content

IBM i Secure Sockets Layer has been enhanced to support the latest industry standards of Transport Layer Security version 1.2 (TLSv1.2) and Transport Layer Security version 1.1 (TLSv1.1) protocols. The TLSv1.2 protocol uses SHA2 hashing algorithms. System SSL also supports the Online Certificate Status Protocol (OCSP) during the certificate validation process. OCSP is used for checking the revocation status of end entity certificates.

Digital Certificate Manager (DCM) options on the Application Definition configuration panels allow many of the core IBM networking applications (Telnet, FTP, and so on) to use these new protocols and enable OCSP. Applications making use of a System SSL programming interface or the Global Secure Toolkit (GSKit) System SSL programming interface can switch to the new protocols by making changes to the code and recompiling.

A feature article which explains this topic in technical depth can be found here:

How to use TLSv1.2 with System SSL on IBM i 7.1

System Requirements

The core System SSL TLSv1.2 functionality is included in IBM i 7.1 TR6. To enable and use the new protocols, PTFs from multiple areas of the operating system are also required. Provided DCM (5770SS1 option 34) is installed on the system, PTF SI48659 and its requisite PTFs must be loaded and applied. Be certain to apply the distribution requirement PTFs valid for the products and options that are installed on the system.