Transport Layer Security protocol

The Transport Layer Security (TLS) 1.0 protocol is a standard security protocol, that provides secure communication over the Internet.

Start of change CICS supports two security protocols that can be used to provide secure communication over the Internet. The first is the Secure Sockets Layer (SSL) 3.0 protocol. The second is the Transport Layer Security (TLS) 1.0 protocol, which is the latest industry standard SSL protocol and is based on SSL 3.0. The TLS 1.0 specification is documented in RFC2246 and is available on the Internet at www.rfc-editor.org/rfcsearch.html. Any connections that require encryption will automatically use the TLS protocol, unless the client specifically requires SSL 3.0. End of change

Start of changeThe primary aim of TLS is to make the Secure Sockets Layer more secure and to make the specification of the protocol more precise and complete. TLS provides the following enhancements over SSL 3.0:
Key-Hashing for Message Authentication
TLS uses Key-Hashing for Message Authentication Code (HMAC), which ensures that a record cannot be altered while travelling over an open network such as the Internet. SSL Version 3.0 also provides keyed message authentication, but HMAC is considered more secure than the (Message Authentication Code) MAC function that SSL Version 3.0 uses.
Enhanced Pseudorandom Function (PRF)
PRF is used for generating key data. In TLS, the PRF is defined with the HMAC. The PRF uses two hash algorithms in a way that guarantees its security. If either algorithm is exposed then the data remains secure as long as the second algorithm is not exposed.
Improved finished message verification
Both TLS 1.0 and SSL 3.0 provide a finished message to both endpoints that authenticates that the exchanged messages were not altered. However, TLS bases this finished message on the PRF and HMAC values, which is more secure than SSL Version 3.0.
Consistent certificate handling
Unlike SSL 3.0, TLS attempts specify the type of certificate which must be exchanged between TLS implementations.
Specific alert messages
TLS provides more specific and additional alerts to indicate problems that either session endpoint detects. TLS also documents when certain alerts should be sent.
End of change