Currently, i5/OS™ supports two methods of creating secure socket applications on the iSeries™. The SSL_ APIs and Global Secure Toolkit (GSKit) APIs provide communications privacy over an open communications network, which in most cases is the Internet.
These APIs allow client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery. Both support server and client authentication and both allow an application to use Secure Sockets Layer (SSL) protocol. However, GSKit APIs are supported across all IBM® platforms, while the SSL_ APIs only exist in the i5/OS operating system. To enhance portability across platforms, it is recommended that you use GSKit APIs when developing applications for secure socket connections.
Originally developed by Netscape, Secure Sockets Layer (SSL) protocol is a layered protocol that is intended to be used on top of a reliable transport such as Transmission Control Protocol (TCP) to provide secure communications for an application. A few of the many applications that require secure communications are HTTPs, FTPs, SMTP, and TELNETs.
An SSL-enabled application typically needs to use a different port than an application that is not SSL-enabled. For example, an SSL-enabled browser accesses an SSL-enabled Hypertext Transfer Protocol (HTTP) server with a Universal Resource Locator (URL) that begins "HTTPs" rather than "HTTP." In most cases, a URL of "HTTPs" attempts to open a connection to port 443 of the server system instead of to port 80 that the standard HTTP server uses.
There are multiple versions of the SSL protocol defined. The latest version, Transport Layer Security (TLS) Version 1.0, provides an evolutionary upgrade from SSL Version 3.0. Both SSL_ APIs and the GSKit APIs support TLS Version 1.0, TLS Version 1.0 with SSL Version 3.0 compatibility, SSL Version 3.0, SSL Version 2.0, and SSL Version 3.0 with 2.0 compatibility. For more details on TLS Version 1.0, see RFC 2246: "Transport Layer Security".