David Booher wrote: >I have a z800 with no cryptographic processor installed. I'm attempting to >use the SECURE SSL port on DB2 to establish a connection. I've pretty much >stepped thru the entire RedPaper on this. It seems the client (running IBM's >gskit) doesn't want to negotiate a cipher to use with the mainframe. I know >since I don't have a crypto processor, I'm a very limited in what I can >support on the mainframe. By doing an SSLSCAN, I do see that the mainframe >does offer two specific ciphers to be used, however the client doesn't want to >negotiate those ciphers.
As RS notes, you don't need crypto hardware to use SSL - only to use it rapidly. But "the client ... doesn't want to negotiate a cipher" really bothers me. That's how SSL/TLS work. What does the client suggest? Not using SSL? Using a specific cipher? Tin cans and string (SECURE string, mind you)??? It doesn't really sound to me like z/OS is the problem here. -- ...phsiii Phil Smith III p...@voltage.com<mailto:p...@voltage.com> Voltage Security, Inc. www.voltage.com<http://www.voltage.com> (703) 476-4511 (home office) (703) 568-6662 (cell) ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
