Transport level security

Transport level security is based on Secure Sockets Layer (SSL) or Transport Layer Security (TLS) that runs beneath HTTP.

Transport level security can be used to secure Web services messages. It is orthogonal to the security support provided by WS-Security or HTTP Basic Authentication.

SSL and TLS provide security features including authentication, data protection, and cryptographic token support for secure HTTP connections. To run with HTTPS, the service port address must be in the form https://.

The integrity and confidentiality of transport data, including SOAP messages and HTTP basic authentication, is confirmed when you use SSL and TLS. See Secure Sockets Layer for more information.

Web services applications can also use FIPS approved ciphers for more secure TLS connections. For information on FIPS, see Global security settings.

WebSphere Application Server uses the Java Secure Sockets Extension (JSSE) package to support SSL and TLS.


 

See Also


Secure Sockets Layer

 

Related Tasks


Securing Web services for v5.x applications based on WS-Security

 

See Also


HTTP SSL Configuration collection
Global security settings