z/OS SSL support includes the ability for applications to create multiple SSL environments within a single process. An application can now modify environment attributes without terminating any SSL sessions already underway.

IPv6 Support: This support allows System SSL to be used in an IPv6 network configuration. It also enables System SSL to support both IPv4 and IPv6 Internet protocol addresses.

Performance is improved with CRL Caching: Today, SSL supports certificate revocation lists (CRLs) stored in an LDAP server. Each time a certificate needs to be validated, a request is made to the LDAP server to get the list of CRLs. CRL Caching enables applications to request that the retrieved list of CRLs be cached for a defined length of time.

Support for the AES Symmetric Cipher for SSL V3 and TLS Connections: System SSL supports the Advanced Encryption Standard (AES), which provides data encryption using 128-bit or 256-bit keys for SSL V3.0 and TLS V1.0 connections.

Support for DSS (Digital Signature Standard) Certificates: System SSL has been enhanced to support Digital Signature Standard certificates defined by the FIPS (Federal Information Processing Standard) 186-1 Standard.

System SSL Support for RSA Private Keys Stored in ICSF: With z/OS 1.4, support is introduced that is designed to allow a certificate's private key to reside in ICSF, thus lifting a restriction where the private key had to reside in the RACF database.

Failover LDAP provides greater availability: You can now specify a list of Security Server LDAP servers to be used for storing certificate revocation lists (CRLs). When certificate validation is being performed, this list will be used to determine which LDAP server to connect to for the CRL information.

Simplified administration with the ability to export and import certificate chains using PKCS#7 format files.

LDAP

z/OS provides industry-standard Lightweight Directory Access Protocol (LDAP) services. Client access to information in multiple directories is supported with the LDAP protocol. The LDAP server supports thousands of concurrent clients, increasing the maximum number of concurrently connected clients by an order of magnitude.

Enhancements

Mandatory Authentication Methods (required by IETF RFC 2829) are supported in z/OS 1.4: The CRAM-MD5 and DIGEST-MD5 authentication methods have been added. The methods avoid flowing the user's password over the connection to the server. The LDAP Server, the C/C++ APIs, and the utilities are updated with this support. Interoperability is improved for any applications that make use of these methods.
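To make concrete why CRAM-MD5 keeps the password off the wire, here is an added example (not IBM's code and not part of this document) that implements the RFC 2195 challenge/response on both sides in Python; the hostname, user names and the `lookup_secret` callback are assumptions for illustration.

```python
import base64
import hmac
import secrets


def make_challenge(hostname: str) -> bytes:
    """Server side: a fresh, unpredictable challenge in the RFC 2195 form
    <unique-string@host>. Randomness is what prevents replaying a response."""
    return f"<{secrets.token_hex(8)}.{secrets.randbits(32)}@{hostname}>".encode()


def cram_md5_response(username: str, password: str, challenge: bytes) -> bytes:
    """Client side: HMAC-MD5 of the challenge keyed with the password.
    Only 'username <hexdigest>' is sent; the password itself never is."""
    digest = hmac.new(password.encode(), challenge, "md5").hexdigest()
    return f"{username} {digest}".encode()


def verify_response(response: bytes, challenge: bytes, lookup_secret) -> bool:
    """Server side: recompute the HMAC from the stored secret and compare in
    constant time. The server must hold the password (or an equivalent) in
    clear to do this, which is the trade-off of the mechanism."""
    try:
        username, digest = response.decode().rsplit(" ", 1)
    except ValueError:
        return False
    secret = lookup_secret(username)
    if secret is None:
        return False
    expected = hmac.new(secret.encode(), challenge, "md5").hexdigest()
    return hmac.compare_digest(expected, digest)


def simulate_bind(username: str, password: str, directory: dict,
                  hostname: str = "ldap.example.com"):
    """Run one SASL CRAM-MD5 bind end to end against a constructed user store
    and return (accepted, bytes_on_the_wire) so the exchange can be inspected."""
    challenge = make_challenge(hostname)                          # server -> client
    response = cram_md5_response(username, password, challenge)  # client -> server
    accepted = verify_response(response, challenge, directory.get)
    on_wire = base64.b64encode(challenge) + b" " + base64.b64encode(response)
    return accepted, on_wire
```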

TLS: z/OS LDAP now provides support for TLS (Transport Layer Security) as defined in IETF RFC 2830 as an alternative to SSL support. It also provides support, via an LDAP extended operation, that allows applications to selectively activate TLS for certain LDAP operations at the application's discretion.
