Problem

AT-TLS can be implemented for CFT on the mainframe

It offers best performances to manage the SSL sessions establishment when compare to the use of the CFT PKI

It saves CFT from using the IBM API to access the certificates from the RACF RING and SSL routines are directly used at TCP/IP socket level instead of the embedded C functions in CFT.

It keeps CFT parameters simpler to maintain in removing all SSL related stuff.

For some organizations, it helps keeping separated the team in charge of the flows from the security team involved when certificates management are concerned.

Resolution

The AT-TLS configuration used in AXWAY is provided as a guideline. It is attached to that article for reference only.

The documentation on the AT-TLS implementation is available from IBM.

Concerns about AT-TLS are to be directed to IBM support