Mainframe customers take security seriously. Chris Meyer, senior technical staff member at IBM, spoke about pervasive encryption and upgrading to TLS 1.2 and preparing for TLS 1.3 in his SHARE Fort Worth Best Strategic Partner session, “Pervasive Encryption: AT-TLS, Upgrading to TLS 1.2 and Preparing for TLS 1.3.” Transport Layer Security (TLS), which evolved from the old Secure Sockets Layer (SSL) protocol, is a key element in complying with local, government, and industry data protection standards. TLS is also an important part of any IBM Z Pervasive Encryption strategy, Meyer says.
According to Meyer, TLS provides peer and data authentication, data integrity, and data privacy protection to TCP/IP network connections using a variety of cryptographic algorithms. Application-Transparent TLS (AT-TLS) is a feature of the z/OS Communications Server that provides TLS protection for z/OS TCP/IP workloads regardless of programming language and without requiring modification to the application source code. For customers who have users and applications that connect to z/OS over TCP/IP, the chances are that customers need to consider AT-TLS.
“Under the covers, AT-TLS uses System SSL, a component of the z/OS Cryptographic Services element, for the actual TLS protocol processing,” Meyer explains. “System SSL supports TLS versions all the way up to the latest TLS 1.3 protocol and makes heavy use of IBM Z cryptographic hardware.” He adds, “Staying current on the new TLS standards and cryptographic algorithms will provide strong protection for z/OS data in flight and will be a key element in complying with your company's data protection and privacy standards.”
Keeping security up-to-date, System SSL regularly adds new capabilities to stay current with the latest TLS standards. Meyer says, “As those enhancements are delivered, AT-TLS is also enhanced to expose the new capabilities through the policy rules that govern AT-TLS protection.” The AT-TLS rules describe the connections to be protected (IP addresses, ports, job name, etc.) and how to protect them (TLS protocol version, cipher suites, etc.). He explains, “When AT-TLS matches a new TCP connection to one of its rules, it invokes System SSL on the application/middleware's behalf using the protection parameters specified in the rule.”
Meyer explains that because AT-TLS rules keep up with the latest System SSL features, businesses will always have those features through easy-to-manage policy updates. The Communications Server provides z/OS network security administrators with a powerful z/OSMF-based graphical user interface (GUI) called the Network Configuration Assistant (NCA). With this GUI, you can create, manage, and deploy AT-TLS policies across a wide range of z/OS systems and sysplexes.
Must-Have Security Protocols
AT-TLS supports the TLS 1.2 protocol version, advanced cryptographic algorithms like AES-based encryption, SHA-2 based message authentication/integrity, and sufficiently long cryptographic keys (for example, RSA keys that are at least 2048 bits long). These are required by most current data protection and privacy standards. “By leveraging System SSL, AT-TLS supports all of these and makes heavy use of IBM Z cryptographic hardware like CPACF and Crypto Express adapters,” says Meyer. “And in z/OS V2R4, System SSL and AT-TLS added support for the new TLS 1.3 protocol, which was recently adopted as a standard by the Internet Engineering Task Force (IETF).” However, some of the new algorithms that TLS 1.3 uses have not yet been accelerated in hardware, he cautions.
Moving to TLS 1.3
Meyer explains that, like most new TLS features, enabling TLS 1.3 through AT-TLS requires updates to your AT-TLS policy. “It is important to note that TLS 1.3 is a very different protocol than any of its predecessors, so the conversion can be a bit more complex than previous incremental TLS protocol version upgrades,” he explains. “To ease the transition, AT-TLS provides default values for some of the new required parameters and the Network Configuration Assistant provides guidance in selecting the new values if you need to tailor them.” Meyer cautions that like any changes to TLS protection, customers will need to make sure that any configuration changes made in AT-TLS policy are also made in the communication partner's configuration.
The current industry standard is TLS 1.2, which means that customers have either already upgraded to that version or will be doing so soon. Meyer adds that moving from an older TLS protocol version to TLS 1.2 with AT-TLS and System SSL is generally straightforward, but there are a few considerations that may come into play depending on how long it has been since the TLS configuration and environment were last updated. For example, Meyer says some weaker cipher suites and algorithms are no longer allowed, such as the use of MD2 hashes in certificate digital signatures.
When TLS 1.2 became a standard, some parameters were introduced regarding the digital signature algorithm pairs used in certificates. For the most part, System SSL and AT-TLS will accept any valid algorithm pair, but in some cases, customers may need to explicitly specify the list of pairs that the company is willing to accept. In order to ensure compatibility with existing configurations, TLS 1.2 is not enabled by default and must be explicitly enabled where needed, according to Meyer.
Moving from TLS 1.2 to TLS 1.3 is a little more complex because, as stated earlier, TLS 1.3 is a very different protocol. For example, Meyer says, TLS 1.3 only supports five cipher suites, none of which are compatible with TLS 1.2 or earlier. Cryptographically, TLS 1.3 is very strong, but it uses a number of very new algorithms that, as mentioned above, have not yet been accelerated in hardware. He adds, “There are also several new required parameters that allow for much greater control of the specific key exchange algorithms used during a TLS 1.3 handshake.” AT-TLS provides defaults for each of these to simplify your initial deployment of TLS 1.3 for a given connection. Like TLS 1.2, to ensure compatibility with existing configurations, TLS 1.3 is not enabled by default.
Pervasive Encryption Is Key
According to Meyer, for TCP/IP traffic there is TLS protection, and AT-TLS, relying on System SSL, provides a powerful and flexible approach to applying strong TLS protection to your z/OS TCP/IP connections, often with no modification to source code. AT-TLS and System SSL are regularly updated to provide the latest TLS features and through the Network Configuration Assistant. He adds that AT-TLS provides a single GUI-based administration interface for TLS protection across many different z/OS workloads, systems, and sysplexes, which he says makes pervasive encryption easier to administer.