8.2.1 SSL/TLS Overview

The Secure Sockets Layer protocol (SSL) and its compatible successor, the Transport Layer Security protocol (TLS), enable a client and server to establish a secure, encrypted connection over a public network. When you connect using SSL/TLS, the client authenticates the server before making a connection, and all data passed between the client and the server is encrypted. Depending on the server configuration, the server may also authenticate the client.

Authentication is accomplished by sending an X.509 security certificate. Authentication occurs automatically and invisibly as the first step of establishing an SSL/TLS connection. SSL/TLS connections require the client to authenticate the server. It is optional for the server to authenticate the client.

Once an encrypted connection is established, data is transmitted using the encryption level you have specified.

Supported Cryptographic Algorithms

TLS version 1.2, TLS version 1.0 (the default), and SSL version 3.0 are supported for IBM, VT, Unisys, T27, ALC, and FTP sessions.

TLS version 1.3 is supported for IBM, VT, Unisys, T27, and FTP sessions.

The list of cipher suites available for a given connection depends on the SSL/TLS version you specify, the encryption strength setting, and whether or not you are configured to run in FIPS mode.

For TLS connections, Elliptic Curve Cryptography (ECC) is supported in IBM, VT, Unisys, T27, ALC, and FTP sessions. Currently, only prime curves are supported for Elliptic Curve Cryptography