× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. SECURITY400
  3. August 2005

OS feature requirements for SSL

I'd like to use the GSKit API to port the client side of a customer's 
application to the 400. The application requires SSL-protected socket 
connections between the client and the server. 

The IBM site lists the following as SSL prereqs:
[quoting]
SSL Prerequisites: 
   
   - IBM Digital Certificate Manager (DCM), option 34 of OS/400 
   (5722-SS1)
   - TCP/IP Connectivity Utilities for iSeries (5722-TC1)
   - IBM HTTP Server for iSeries (5722-DG1)
   - If you are trying to use the HTTP server to use the DCM, ensure that 
   you have the IBM Developer Kit for Java(TM) (5722-JV1) installed. 
   Otherwise, the HTTP admin server will not start.
   - The IBM Cryptographic Access Provider product, 5722-AC3 (128-bit). 
   The bit size for this product indicates the maximum size of the secret 
   material within the symmetric keys that can be used in cryptographic 
   operations. The size allowed for a symmetric key is controlled by the export 
   and import laws of each country. A higher bit size results in a more secure 
   connection.
   - You may also want to install cryptographic hardware to use with SSL 
   to speed up the SSL handshake processing. See the Cryptographic 
   
hardware<http://publib.boulder.ibm.com/infocenter/iseries/v5r3/ic2924/info/rzajc/rzajcoverview.htm>information
for available options. If you want to install cryptographic
   hardware, you must also install Option 35, the Cryptographic Service 
   Provider. 

[end quote]

I don't need to create any certificates on the 400, but I may need to do 
cert-based crypto on the client side (hopefully entirely through the GSKit 
API) to negotiate the SSL connection with the remote server. Does the DCM 
need to be installed in order for the GSKit API to functional at all, or is 
the DCM only required when the 400 is creating certificates?

The way I see it, I should really only need TCP/IP and the Crypto Access 
Provider, and the GSKit API calls will either exploit hardware crypto or not 
based on the features installed on my customer's customer's machine. Is that 
correct?

Also, are any of the above components (other than crypto hardware) NOT 
included in the base license of V5R3 and above?

Thanks for any help-

-Jared

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.