TPF : Support : Maintenance
SUBJECT: APAR NUMBER: PJ27863
REFERENCE: AREA: TCP/IP APPLICATION LAYER
SEGMENT: IBMPAL40 - RELEASE: TPF4 (Copy)
SEGMENT: SPPGML40 - RELEASE: TPF4 (Macro)
Pre-requisite APARs are:
FOR SEGMENT IBMPAL40 (Copy) - REL TPF4
FOR SEGMENT SPPGML40 (Macro) - REL TPF4
To be applied in the order listed for each segment.
ABSTRACT OF PROBLEM
___________________
Secure Sockets Layer (SSL) support for TPF.
COMMENTS ON PROBLEM
___________________
SSL enables socket applications using the TCP protocol to
communicate in a secure manner over the TCP/IP network. After
the TCP connection is started, applications use the SSL APIs to
establish an SSL session over that TCP connection, and
optionally verify each other's identity using digital
certificates. Public key cryptography is used to exchange a
secret key between the client and server applications when the
SSL session is started. After the SSL connection is started, the
applications use the SSL_write and SSL_read APIs to exchange
data over the SSL session. The SSL layer encrypts the data
before it is sent to the network and the remote node's SSL layer
decrypts the data before passing it to the remote application.
The secret key created when the SSL session started is used to
encrypt and decrypt data messages using symmetric key
cryptography. Messages flowing over an SSL session include a
message digest, which allows the remote node's SSL layer to
detect if the contents of a message have been altered.
SOLUTION
________
OpenSSL version 0.9.6 has been ported to TPF.
OpenSSL is Open Source code that includes many SSL APIs and an
extensive cryptography library written by Eric Young.
OpenSSL information is available at www.openssl.org.
TPF has made only minor modifications to the ported code,
specifically enabling time slicing in the encryption/decryption
and message digest routines.
The object code and source code for SSL support for TPF are
included in this APAR. You must use the code shipped by TPF
rather than the code that is available for downloading from the
OpenSSL website because the code on the OpenSSL website does not
contain the TPF modifications.
SSL support on TPF includes support for the following:
o SSL version 2 and SSL version 3 protocols
o Transport Layer Security (TLS) version 1 protocol, which is
defined by RFC 2246
o Rivest-Shamir-Adleman (RSA) public key cryptography
o RC2, RC4, DES, and Triple-DES ciphers
o MD5 and SHA message digest algorithms
o Client and server authentication using digital certificates
o Single and chained certificates
If your TPF SSL application needs a certificate, meaning the
remote application will validate the identity of your TPF
application, do the following:
1. Create an RSA public/private key pair and certificate
request offline using any SSL toolkit.
For example, you can do this using the OpenSSL code running
on a secure workstation.
Some SSL toolkits, including OpenSSL, allow you to password
protect the private key so that the key is not in the clear
when the file containing the private key is displayed.
2. Send the certificate request to your certificate authority
(CA). The CA will create and sign the certificate, then
send the certificate back to you.
3. Transfer the file containing the private key and the file
containing the certificate to your TPF system using FTP or
TFTP.
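The offline steps above, as an added example that is not part of
the original APAR or of the TPF-shipped code. It assumes a current
OpenSSL command line on the workstation; the file names, the
2048-bit key size, the AES-256 key encryption and the passphrase
file are choices made for this example.

```shell
#!/bin/sh
# Added example: offline key and certificate-request handling on a
# workstation. File names and parameters are placeholders.

# make_key_and_csr DIR SUBJECT PASSFILE
#   Writes DIR/tpf-app.key (passphrase-protected RSA private key)
#   and DIR/tpf-app.csr (the request to send to the CA).
#   The body runs in a subshell so the umask change stays local.
make_key_and_csr() (
    dir=$1; subj=$2; passfile=$3
    umask 077    # new key file is readable by its owner only
    # The passphrase is read from a file so that it does not show up
    # in the process list or in shell history.
    openssl genrsa -aes256 -passout "file:$passfile" \
        -out "$dir/tpf-app.key" 2048 2>/dev/null || exit 1
    # Only the subject and the public key go into the request.
    openssl req -new -key "$dir/tpf-app.key" -passin "file:$passfile" \
        -subj "$subj" -out "$dir/tpf-app.csr" || exit 1
)

# key_is_encrypted FILE
#   True if the PEM private key is passphrase-protected. Covers both
#   the traditional PEM header and the PKCS#8 form.
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# csr_is_valid FILE
#   True if the request's self-signature verifies. The output text is
#   checked because older releases exit 0 even on a failed verify.
csr_is_valid() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# cert_matches_key CERT KEY PASSFILE
#   Run on the certificate the CA sends back, before transferring the
#   files: true if the certificate carries the public key that belongs
#   to our private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -passin "file:$3" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
```

Typical use is make_key_and_csr followed by csr_is_valid before the
request is sent, then cert_matches_key once the CA has replied.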
If your TPF SSL application will validate the identity of the
remote application, do the following:
1. Transfer the files containing the certificates of the CAs
that you trust to TPF using FTP or TFTP.
2. Optionally, transfer the files containing certificate
revocation lists (CRLs) to TPF using FTP or TFTP. CRLs contain
the list of certificates that have been revoked.
DEPENDENCIES
____________
Related Segments Affected By This APAR.
_______________________________________
Segments to be assembled or compiled:
None.
Segments to be link edited:
None.
Load Modules to be loaded:
CSSL, CRYP, CRY1 and CRY2.
Migration Considerations
========================
See TPF Migration guide.
-- END APAR PJ27863