System i: Programming Secure Sockets APIs - IBM

More documents

Recommendations

Info

v Use the system default cipher specification list if a previous SSL_Init_Application() API or SSL_Init() API was not done The caller specifies the preferred order of the cipher specifications. The cipher specification values, shown here not in preferred or strength order, are defined in as the following: Notes: C Constant Hex System Value TLS_RSA_WITH_NULL_MD5 0x0001 *RSA_NULL_MD5 TLS_RSA_WITH_NULL_SHA 0x0002 *RSA_NULL_SHA TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 *RSA_EXPORT_RC4_40_MD5 TLS_RSA_WITH_RC4_128_MD5 0x0004 *RSA_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA 0x0005 *RSA_RC4_128_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 *RSA_EXPORT_RC2_CBC_40_MD5 TLS_RSA_WITH_DES_CBC_SHA 0x0009 *RSA_DES_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000A *RSA_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA 0x002F *RSA_AES_128_CBC_SHA (TLS Version 1 only) TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 *RSA_AES_256_CBC_SHA (TLS Version 1 only) TLS_RSA_WITH_RC2_CBC_128_MD5 0xFF01 *RSA_RC2_CBC_128_MD5 (SSL Version 2 only) TLS_RSA_WITH_DES_CBC_MD5 0xFF02 *RSA_DES_CBC_MD5 (SSL Version 2 only) TLS_RSA_WITH_3DES_EDE_CBC_MD5 0xFF03 *RSA_3DES_EDE_CBC_MD5 (SSL Version 2 only) 1. The SSL_RSA_EXPORT_WITH_DES40_CBC_SHA cipher is not supported by i5/OS ® . 2. The default cipher suite list in preference order when the operating system is installed is as follows: C Constant System Value TLS_RSA_WITH_AES_128_CBC_SHA *RSA_AES_128_CBC_SHA TLS_RSA_WITH_RC4_128_SHA *RSA_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 *RSA_RC4_128_MD5 TLS_RSA_WITH_AES_256_CBC_SHA *RSA_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA *RSA_3DES_EDE_CBC_SHA 3. The current default cipher suite list can be different from the install time list due to changes made to the QSSLCSL (SSL cipher specification list) system value via the Change System Value (CHGSYSVAL) command. A cipher suite removed from the SSL cipher specification list will also be removed from the default cipher suite list shown here. The order of the cipher suites in QSSLCSL will be used to order the cipher suites in the default list. 4. The Display System Value (DSPSYSVAL) command or the Retrieve System Values (QWCRSVAL) API can be used to determine the current setting of the supported ciphers (QSSLCSL) for system SSL. unsigned int cipherSuiteListLen (input) The number of cipher suite entries specified in the list pointed to by the cipherSuiteList parameter. unsigned int sessionType (output) The type registered for the application. The following values are returned in sessionType and are defined in . SSL_REGISTERED_AS_CLIENT 0 SSL_REGISTERED_AS_SERVER 1 SSL_REGISTERED_AS_SERVER_WITH_CLIENT_AUTH 2 SSL_REGISTERED_AS_SERVER_WITH_OPTIONAL_CLIENT_AUTH 3 SSL_REGISTERED_AS_NOT_SPECIFIED 99 unsigned int reserved1 (input) This reserved field must be set to 0. 86 System i: Programming Secure Sockets APIs
unsigned int protocol (input) The protocol(s) that are acceptable as the handshake protocol for this job. The following values may be specified for protocol and are defined in . SSL_VERSION_CURRENT 0 (TLS with SSL Version 3.0 and SSL Version 2.0 compatibility) SSL_VERSION_2 2 (SSL Version 2.0 only) SSL_VERSION_3 3 (SSL Version 3.0 only) TLS_VERSION_1 4 (TLS Version 1 only) TLSV1_SSLV3 5 (TLS Version 1 with SSL Version 3.0 compatibility) unsigned int timeout (input) The time period (in seconds) for which TLS Version 1.0 and SSL Version 3.0 session parameters are cached for use with abbreviated SSL handshakes. The valid range for timeout is from 1 to 86,400 seconds (24 hours). Not specifying a value (0) will default to the maximum timeout, and specifying a value of 0xffffffff will disable caching. The following values are defined in . SSL_TIMEOUT_DEFAULT 0 (Use default timeout, 24 hours) SSL_TIMEOUT_MAX 86400 (Use maximum timeout, 24 hours) SSL_TIMEOUT_DISABLE 0xffffffff (Disable caching of session parameters for abbreviated handshakes) char reserved[12] (input) This reserved field must be set to NULL (0s). Authorities Authorization of *R (allow access to the object) to the key database file and its associated files is required. The certificate is stored in a key database file. Return Value The SSL_Init_Application() API returns an integer. Possible values are: [0] Successful return [SSL_ERROR_BAD_CIPHER_SUITE] A cipher suite that is not valid was specified. [SSL_ERROR_CERT_EXPIRED] The validity time period of the certificate is expired. [SSL_ERROR_KEYPASSWORD_EXPIRED] The specified key ring password has expired. [SSL_ERROR_NO_KEYRING] No key ring file was found. [SSL_ERROR_NOT_REGISTERED] The application identifier is not registered with the certificate registry facility. [SSL_ERROR_NOT_TRUSTED_ROOT] The certificate is not signed by a trusted certificate authority. [SSL_ERROR_NO_CERTIFICATE] No certificate is available for SSL processing. [SSL_ERROR_IO] Secure Sockets APIs 87
Page 1:
System i Programming Secure Sockets
Page 4 and 5:
Note Before using this information
Page 6 and 7:
Related Information . . . . . . . .
Page 8 and 9:
vi System i: Programming Secure Soc
Page 10 and 11:
APIs These are the APIs for this ca
Page 12 and 13:
ufID (Input) The following values c
Page 14 and 15:
v GSK_CONNECT_CIPHER_SPEC v GSK_SID
Page 16 and 17:
[GSK_INSUFFICIENT_STORAGE] Not able
Page 18 and 19:
gsk_attribute_get_enum()—Get enum
Page 20 and 21:
secure session does not start, and
Page 22 and 23:
API introduced: V5R1 Top | UNIX-Typ
Page 24 and 25:
v GSK_FD v GSK_HANDSHAKE_TIMEOUT v
Page 26 and 27:
[GSK_INVALID_STATE] One of the foll
Page 28 and 29:
8. If GSK_OS400_APPLICATION_ID is s
Page 30 and 31:
if validation fails because the cer
Page 32 and 33:
gsk_attribute_set_enum()—Set enum
Page 34 and 35:
active secure sessions will continu
Page 36 and 37:
gsk_attribute_set_numeric_value()
Page 38 and 39:
v GSK_V3_SIDCACHE_SIZE v GSK_LDAP_S
Page 40 and 41:
v “gsk_secure_soc_init()—Negoti
Page 42 and 43:
[ETERM] Operation terminated. If an
Page 44 and 45: 2. v GSK_SESSION_TYPE set to GSK_CL
Page 46 and 47: Error Messages Message ID Error Mes
Page 48 and 49: [GSK_AS400_ERROR_INVALID_POINTER] T
Page 50 and 51: attributes. In most cases, as resul
Page 54 and 55: v “gsk_secure_soc_misc()—Perfor
Page 56 and 57: matched sets. If a client applicati
Page 58 and 59: Authorities Authorization of *R (al
Page 60 and 61: gsk_secure_soc_startRecv()—Start
Page 62 and 63: The handle specified was not valid.
Page 64 and 65: v “gsk_secure_soc_misc()—Perfor
Page 66 and 67: Authorities No authorization is req
Page 68 and 69: 6. Socket option SO_SNDTIMEO is not
Page 70 and 71: [EPIPE] [EUNATCH] The specified des
Page 72 and 73: Example The following example shows
Page 74 and 75: Qlg_Path_Name_T *keyringFileName (i
Page 76 and 77: v The CCSID specified in the keyrin
Page 78 and 79: unsigned protocol; /* SSL protocol
Page 80 and 81: Service Program Name: QSOSSLSR Defa
Page 82 and 83: Related Information v “SSL_Create
Page 84 and 85: unsigned int cipherSuiteListLen The
Page 86 and 87: [EBADF] [EBUSY] Permission denied.
Page 88 and 89: ignore attempts by applications to
Page 90 and 91: C Constant System Value TLS_RSA_WIT
Page 92 and 93: ignore attempts by applications to
Page 96 and 97: An error occurred in SSL processing
Page 98 and 99: Parameters int sslreturnvalue (Inpu
Page 100 and 101: Parameters SSLHandle* handle (input
Page 102 and 103: [EUNATCH] [EUNKNOWN] The protocol r
Page 104 and 105: Authorities No authorization is req
Page 106 and 107: struct SSLHandleStr { /* SSLHandleS
Page 110 and 111: Name of Header File Name of File in
Page 112 and 113: Name Value Text Details ENOTWRITE 3
Page 114 and 115: Name Value Text Details EHOSTDOWN 3
Page 116 and 117: Name Value Text Details EISDIR 3471
Page 118 and 119: Name Value Text Details EBADFID 351
Page 120 and 121: CONDITIONS OF MERCHANTABILITY, FITN
Page 122 and 123: IBM Corporation Software Interopera
Page 124 and 125: SAA SecureWay SOM System i System i
Page 126: 118 System i: Programming Secure So
show all

System i: Programming Secure Sockets APIs - IBM

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?