KB Article #181863
AT-TLS hints and tips for implementation with Transfer CFT
Problem
AT-TLS can be implemented for CFT on the mainframe
It offers best performances to manage the SSL sessions establishment when compare to the use of the CFT PKI
It saves CFT from using the IBM API to access the certificates from the RACF RING and SSL routines are directly used at TCP/IP socket level instead of the embedded C functions in CFT.
It keeps CFT parameters simpler to maintain in removing all SSL related stuff.
For some organizations, it helps keeping separated the team in charge of the flows from the security team involved when certificates management are concerned.
Resolution
The AT-TLS configuration used in AXWAY is provided as a guideline. It is attached to that article for reference only.
The documentation on the AT-TLS implementation is available from IBM.
Concerns about AT-TLS are to be directed to IBM support