System SSL provides APIs associated with either an SSL environment layer or a secure socket connection layer.
The SSL environment layer defines the general attributes of the environment (such as database file name, time-out, and so on).
The secure socket connection layer defines the attributes associated with each secure connection. In addition, the secure socket connection layer has read and write function calls.
First, the SSL application must create the SSL environment layer. Then, one or more secure socket connection layers can be associated with the SSL environment. Each layer has four general function calls:
open
attribute_set
initialize
close
The open function calls return a handle, either an environment handle or a secure socket connection handle, that must be passed as a parameter on subsequent function calls. Read and write functions are full-duplex; however, only one read and one write call can be in progress at one time for any secure socket connection handle.
In addition to using the SSL programming interfaces in the application, a key database must be created for the SSL application. This key database, which contains certificate information, can be an HFS file built and managed by the gskkyman utility or a RACF key ring.
System SSL uses the Integrated Cryptographic Service Facility (ICSF), if it is available. ICSF provides hardware cryptographic support that will be used instead of the System SSL software algorithms.
For System SSL to use the hardware support, the ICSF-started task must be running, and the application user ID must be authorized to the key and certificate handling resources in the RACF CSFSERV class. RACF can also be used to control access to ICSF services.
SSL applications must call SSL APIs from a C program because they are C APIs.
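The open, attribute_set, initialize, close sequence for both layers, shown as an added example for a client (not code from the original page). On z/OS it calls the System SSL functions from gskssl.h; elsewhere the CALL macro only records the function names so the order can be checked. The names tls_client_exchange, trace, check and CALL are hypothetical, and the example assumes a RACF key ring and an already connected TCP socket.

```c
#include <stdio.h>
#include <string.h>
#ifdef __MVS__
#include <gskssl.h>                       /* System SSL header on z/OS */
#define CALL(fn, ...) check(#fn, fn(__VA_ARGS__))
#else
typedef void *gsk_handle;                 /* stand-in type off z/OS */
#define CALL(fn, ...) check(#fn, 0)       /* trace only: makes no call */
#endif

static char trace[512];                   /* hypothetical: call order log */

/* Record the call name; report a nonzero return code (GSK_OK is 0). */
static int check(const char *fn, int rc) {
    strncat(trace, fn, sizeof trace - strlen(trace) - 2);
    strcat(trace, ";");
    if (rc != 0) fprintf(stderr, "%s failed, rc=%d\n", fn, rc);
    return rc == 0;
}

/* fd: connected TCP socket; keyring: RACF key ring name (assumed). */
int tls_client_exchange(int fd, const char *keyring, const char *req,
                        char *resp, int resp_len) {
    gsk_handle env = NULL, soc = NULL;
    int n = 0, env_open, soc_open, ok;
    (void)fd; (void)keyring; (void)req; (void)resp; (void)resp_len;
    (void)env; (void)soc; (void)n;        /* unused in the trace-only build */
    trace[0] = '\0';
    /* Environment layer: open, attribute_set, initialize. */
    env_open = CALL(gsk_environment_open, &env);
    ok = env_open
      && CALL(gsk_attribute_set_buffer, env, GSK_KEYRING_FILE, keyring, 0)
      && CALL(gsk_attribute_set_enum, env, GSK_SESSION_TYPE, GSK_CLIENT_SESSION)
      && CALL(gsk_environment_init, env);
    /* Connection layer: open, attribute_set, initialize (handshake), I/O. */
    soc_open = ok && CALL(gsk_secure_socket_open, env, &soc);
    ok = soc_open
      && CALL(gsk_attribute_set_numeric_value, soc, GSK_FD, fd)
      && CALL(gsk_secure_socket_init, soc)
      && CALL(gsk_secure_socket_write, soc, (char *)req, (int)strlen(req), &n)
      && CALL(gsk_secure_socket_read, soc, resp, resp_len, &n);
    /* Close in reverse order, even after a failure part-way through. */
    if (soc_open) CALL(gsk_secure_socket_close, &soc);
    if (env_open) CALL(gsk_environment_close, &env);
    return ok;
}
```

The handles returned by the two open calls are the ones passed to every later call on that layer, and both are closed even when an intermediate step fails.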