Radoslaw,

There are 2 parts to TLS encryption, the handshake and the data encryption. (Others may argue there are more.) These are the handshake and the data transfer. The handshake uses asymmetric encryption (RSA key pairs typically, but also Elliptic Curve key pairs), while the data transfer uses symmetric encryption.
TLS will use CPACF for the data encryption if it is physically available and the encryption mechanism is supported by CPACF. TLS will use Crypto Express 2 device for the handshake if it can. This may depend again on the encryption mechanism requested in the Cipher suite specified. TLS will use software where it cannot use the hardware.

TLS also uses hashing. This too is usually handled using CPACF, if available. Also, I think that the z15 CPACF has some asymmetric support which can also be invoked. You have to make sure that the Cipher Suite you choose is supported by the hardware.

There are RMF reports showing Crypto usage, but I have only seen these in batch reports. Maybe they are available on panels and others can help you.

You will probably find it useful to run the SSL started task, GSKSRVR. This will give you information about sessions using TLS and SSL. It is an optional address space. It is documented in Chapter 11 of Cryptographic Services System Secure Sockets Layer Programming SC14-7495-50.

Depending on the 3270 client you are using, there will usually be a way to see what is being used. For example, on Vista 3270 you can click the little upward arrow in the bottom left of the screen. This shows you the crypto services being used.

Regards
Lennie

Lennie Dymoke-Bradshaw
https://rsclweb.com
‘Dance like no one is watching. Encrypt like everyone is.’

-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Radoslaw Skorupka
Sent: 21 January 2022 13:11
To: [email protected]
Subject: TCPIP and ICSF. And RMF

How to reconfigure TCPIP family members (TCPIP, TN3270, FTP, etc.) to start using ICSF services for things requiring cryptography? And how to check whether they use/don't use ICSF?

Another question: is there any RMF screen showing current utilization of crypto HW?
--
Radoslaw Skorupka
Lodz, Poland

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
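
Added example, not part of the thread and not IBM code: the reply's split between handshake (asymmetric), data transfer (symmetric) and hashing can be read straight off an IANA-style cipher suite name, which is the first step in checking each part against what the hardware supports. The function name and the sample suite list are constructed for illustration, and only the common name forms are handled.

```python
# Added illustration, not from the thread. Splits an IANA-style TLS cipher
# suite name into the handshake, data-transfer and hash parts.
HASHES = ("SHA", "SHA256", "SHA384", "MD5")
AEAD_MARKERS = ("GCM", "CCM", "POLY1305")

def split_suite(name):
    """Return the asymmetric, symmetric and hash components of a suite name."""
    if not name.startswith("TLS_"):
        raise ValueError("not an IANA TLS cipher suite name: " + name)
    body = name[len("TLS_"):]
    if "_WITH_" in body:
        # TLS 1.2 and earlier: TLS_<key exchange>_<auth>_WITH_<cipher>_<hash>
        handshake, rest = body.split("_WITH_", 1)
        parts = [p for p in handshake.split("_") if not p.startswith("EXPORT")]
        key_exchange, auth = parts[0], parts[-1]
    else:
        # TLS 1.3 suites name only the cipher and hash; the asymmetric
        # algorithms are negotiated separately during the handshake.
        key_exchange, auth, rest = None, None, body
    cipher, _, last = rest.rpartition("_")
    if cipher and last in HASHES:
        digest, implied = last, False
    else:
        # e.g. TLS_RSA_WITH_AES_128_CCM: no hash in the name, so the
        # TLS 1.2 default PRF hash (SHA-256) applies.
        cipher, digest, implied = rest, "SHA256", True
    aead = any(marker in cipher for marker in AEAD_MARKERS)
    return {
        "key_exchange": key_exchange,   # handshake, asymmetric
        "auth": auth,                   # handshake, asymmetric
        "data": cipher,                 # data transfer, symmetric
        "encrypts": cipher != "NULL",   # NULL suites send data in the clear
        "aead": aead,                   # AEAD: no separate per-record HMAC
        "hash": digest,
        "hash_implied": implied,
    }

if __name__ == "__main__":
    # Constructed sample list; replace with the suites configured on your stack.
    for suite in ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                  "TLS_RSA_WITH_AES_128_CBC_SHA",
                  "TLS_AES_128_GCM_SHA256",
                  "TLS_RSA_WITH_AES_128_CCM_8",
                  "TLS_RSA_WITH_NULL_SHA256"):
        print(suite, split_suite(suite))
```

Each returned component still has to be compared with the algorithms your CPACF level and Crypto Express device actually support, as the reply says.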
