CICS supports two security protocols that can
be used to provide secure communication over the Internet. The first is the
Secure Sockets Layer (SSL) 3.0 protocol. The second is the Transport Layer
Security (TLS) 1.0 protocol, which is the latest industry standard SSL protocol
and is based on SSL 3.0. The TLS 1.0 specification is documented in RFC2246
and is available on the Internet at www.rfc-editor.org/rfcsearch.html. Any connections
that require encryption will automatically use the TLS protocol, unless the
client specifically requires SSL 3.0. 
Note: For clarity, the term SSL is used to refer to both protocols
in the documentation, except where a specific point about either protocol
is required.

The primary aim of TLS is to make the Secure Sockets
Layer more secure and to make the specification of the protocol more precise
and complete. TLS provides the following enhancements over SSL 3.0:
- Key-Hashing for Message Authentication
- TLS uses Key-Hashing for Message Authentication Code (HMAC), which ensures
that a record cannot be altered while travelling over an open network such
as the Internet. SSL Version 3.0 also provides keyed message authentication,
but HMAC is considered more secure than the Message Authentication Code (MAC)
function that SSL Version 3.0 uses.
- Enhanced Pseudorandom Function (PRF)
- PRF is used for generating key data. In TLS, the PRF is defined with the
HMAC. The PRF uses two hash algorithms in a way that guarantees its security.
If either algorithm is exposed then the data remains secure as long as the
second algorithm is not exposed.
- Improved finished message verification
- Both TLS 1.0 and SSL 3.0 provide a finished message to both endpoints
that authenticates that the exchanged messages were not altered. However,
TLS bases this finished message on the PRF and HMAC values, which is more
secure than SSL Version 3.0.
- Consistent certificate handling
- Unlike SSL 3.0, TLS attempts to specify the type of certificate that must
be exchanged between TLS implementations.
- Specific alert messages
- TLS provides more specific and additional alerts to indicate problems
that either session endpoint detects. TLS also documents when certain alerts
should be sent.

The main features of the security protocols are:
- Privacy
- The data to be exchanged between the client and the server is encrypted.
See SSL encryption for more information.
- Integrity
- Data which is transmitted using the SSL protocols is protected against
tampering by a message authentication code (MAC). The MAC is computed
from the data contents using a secure hashing algorithm and transmitted with
the data. It is computed again by the receiver, and compared with the value
transmitted by the sender. A mismatch between the two values of the MAC indicates
that the data may have been tampered with.
- Authentication
- SSL uses digital certificates to authenticate servers to clients, and
— optionally — clients to servers.
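The PRF, finished-message and record-MAC constructions that the two lists above describe, as an added example written from RFC 2246 with Python's standard library (not code from the CICS documentation). RFC 2246 instantiates the two PRF hash algorithms as MD5 and SHA-1; the secrets, keys and handshake transcript any caller passes in are constructed sample values, not real session material.

```python
import hashlib
import hmac

def p_hash(secret: bytes, seed: bytes, length: int, digestmod) -> bytes:
    """P_hash (RFC 2246 section 5): expand an HMAC to 'length' bytes."""
    out, a = b"", seed                                         # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digestmod).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digestmod).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def split_secret(secret: bytes):
    """S1 is the first half, S2 the second; an odd-length secret shares its middle byte."""
    half = (len(secret) + 1) // 2
    return secret[:half], secret[len(secret) - half:]

def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR P_SHA1(S2, label + seed)."""
    # Each half of the secret feeds a different hash algorithm, so a weakness in
    # one algorithm alone does not expose the derived key material.
    s1, s2 = split_secret(secret)
    md5_part = p_hash(s1, label + seed, length, hashlib.md5)
    sha1_part = p_hash(s2, label + seed, length, hashlib.sha1)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))

def finished_verify_data(master_secret: bytes, handshake_msgs: bytes, sender: str) -> bytes:
    """Finished message body: 12 PRF bytes over MD5 and SHA-1 digests of the handshake transcript."""
    label = b"client finished" if sender == "client" else b"server finished"
    digests = hashlib.md5(handshake_msgs).digest() + hashlib.sha1(handshake_msgs).digest()
    return tls10_prf(master_secret, label, digests, 12)

def record_mac(mac_secret: bytes, seq_num: int, content_type: int, fragment: bytes) -> bytes:
    """Record-layer MAC: HMAC-SHA1 over sequence number, type, version 3.1, length and data."""
    header = seq_num.to_bytes(8, "big") + bytes([content_type, 3, 1]) + len(fragment).to_bytes(2, "big")
    return hmac.new(mac_secret, header + fragment, hashlib.sha1).digest()

def verify_record(mac_secret: bytes, seq_num: int, content_type: int,
                  fragment: bytes, received_mac: bytes) -> bool:
    """Receiver side: recompute the MAC and compare it in constant time; a mismatch means tampering."""
    return hmac.compare_digest(record_mac(mac_secret, seq_num, content_type, fragment), received_mac)
```

Because the sequence number is part of the MAC input, a replayed or reordered record fails verification even when its payload is untouched.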