The following terminology is used to describe the enhancements to
Internet security in CICS®.
- Transport Layer Security (TLS)
- A security protocol that is used to provide secure communication over
the Internet. The specification is documented in RFC 2246.
- cipher suite
- A combination of an encryption algorithm, encryption key length and MAC
algorithm that is negotiated during an SSL handshake.
- Message Authentication Code (MAC)
- A cryptographically secure hash code that is associated with each message
sent over an SSL connection.
- MAC algorithm
- A cryptographic algorithm that calculates a message authentication code.
SSL uses the MD5 and SHA algorithms.
- SSL cache
- The cache that is used by SSL to store session ID information about its
encryption negotiation with clients. If a client has previously securely
connected to CICS using SSL, only a partial handshake is performed to
establish the SSL connection.
- certificate revocation list
- A list of revoked certificates that is provided by independent bodies
called certificate authorities. If a certificate has been withdrawn, it is
added to a certificate revocation list. These lists can be cross-referenced
during the SSL handshake negotiation when the client and server try to authenticate
one another.
- SP mode
- The TCB mode that owns the initial pthread-owning task. The initial
pthread-owning task owns all the pthreads that are used by S8 TCBs.
- SSL pool
- The pool that contains and manages the S8 TCBs in a CICS region.
- SSL handshake
- An exchange of information that takes place between a client and server
when a connection is established. During the handshake, the client and server
negotiate which encryption algorithms to use and authenticate one another.