WebSphere Application Server & Liberty

  • 1.  Application Transparent Transport Layer Security (AT-TLS)

    Posted Thu February 22, 2018 05:37 AM

    Hi all,

    Does someone know whether the Application Transparent Transport Layer Security (AT-TLS) feature of TCP/IP is supported by WebSphere Application Server for z/OS V8.5.5?

    Thanks and best regards,

    Erdmann



  • 2.  RE: Application Transparent Transport Layer Security (AT-TLS)

    Posted Fri February 23, 2018 02:31 AM

    I always thought the point of AT-TLS was that it was transparent to the application (in this case WAS) and so it doesn't know it is there.

    Cheers,
    Morag



  • 3.  RE: Application Transparent Transport Layer Security (AT-TLS)

    Posted Fri February 23, 2018 07:58 AM

    I have just begun testing AT-TLS on z/OS for use with CICS, especially with software that cannot exploit cryptographic hardware offload. If you have crypto hardware on your mainframe, and ICSF running on the hosts where WebSphere AS runs, then that may be preferable. R&D time is a bit scarce, but I will try to post information as soon as possible.

    In Reply to Erdmann Treffurth:

    Hi all,

    Does someone know whether the Application Transparent Transport Layer Security (AT-TLS) feature of TCP/IP is supported by WebSphere Application Server for z/OS V8.5.5?

    Thanks and best regards,

    Erdmann



  • 4.  RE: Application Transparent Transport Layer Security (AT-TLS)

    Posted Tue February 27, 2018 04:26 AM

    We have ICSF active and are currently using it with WebSphere. The certificates we are using have a lifetime of one year. In order to avoid outages when renewing the certificates, we wanted to try AT-TLS. Any information about this is appreciated. Thank you!



  • 5.  RE: Application Transparent Transport Layer Security (AT-TLS)

    Posted Tue February 27, 2018 04:44 AM

    Since WAS z/OS V6.1 we have used the Java-provided JSSE support for SSL/TLS. The 'hybrid provider', aka IBMJCEHYBRID, detects ICSF support and related hardware crypto and uses it. See the following techdoc for more info: https://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/WP101213

    This applies to both traditional WAS and Liberty.  We do not use the AT-TLS support that is provided by z/OS.