>From other posts I've seen on the list, the initialization of the CKDS and >PKDS all fail with a return code of 12. My question is: Can you still run >CSF with empty datasets and no crypto processor and still expect it to offer >any SSL ciphers?
Regarding the client: by client, I meant DB2 connect running on a laptop. My previous sslscan indicated only a few ciphers were "preferred", but I don't know how to get the DB2 client on the laptop to request one of those ciphers.....what a mess! db -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Phil Smith Sent: Friday, December 16, 2011 9:08 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Calling all "crypto" gurus David Booher wrote: >I have a z800 with no cryptographic processor installed. I'm attempting to >use the SECURE SSL port on DB2 to establish a connection. I've pretty much >stepped thru the entire RedPaper on this. It seems the client (running IBM's >gskit) doesn't want to negotiate a cipher to use with the mainframe. I know >since I don't have a crypto processor, I'm a very limited in what I can >support on the mainframe. By doing an SSLSCAN, I do see that the mainframe >does offer two specific ciphers to be used, however the client doesn't want to >negotiate those ciphers. As RS notes, you don't need crypto hardware to use SSL - only to use it rapidly. But "the client ... doesn't want to negotiate a cipher" really bothers me. That's how SSL/TLS work. What does the client suggest? Not using SSL? Using a specific cipher? Tin cans and string (SECURE string, mind you)??? It doesn't really sound to me like z/OS is the problem here. -- ...phsiii Phil Smith III p...@voltage.com<mailto:p...@voltage.com> Voltage Security, Inc. www.voltage.com<http://www.voltage.com> (703) 476-4511 (home office) (703) 568-6662 (cell) ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN