You might want to put "DEBUG SEC CMD SOC(3) FLO" in the SYSFTPD.  When I
was having issues, this is what support gave me to help debug the
problem.  Also, you can add PARM=('ENVAR("GSK_TRACE=0XFFFF")/-r tls') to
turn on GSK tracing.  The part I had the most trouble with was getting a
copy of the server's certificate connected to my keyring.  

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Chase, John
Sent: Thursday, June 22, 2006 12:56 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: SSL/TLS Woes FTP

> -----Original Message-----
> From: IBM Mainframe Discussion List On Behalf Of Gray, Larry - Larry A
> 
> If you are using certificates under ACF2 or RACF, that will 
> not be a file.  In ACF2 speak, it is the Ringname.  In RACF 
> it is the RING.

That will come later.  Right now I have a connection established (after
having created the requisite stash file for the key database), and the
server apparently is waiting for the client (z/OS) to start negotiation
of the security stuff.  The batch job is just sitting there, and the
last message from the server is:

234 SSL enabled and waiting for negotiation

It's been that way for a few minutes now, and the "sandbox" is not being
starved for CPU....

From my reading of the Appendix in the IP Configuration Guide (or
Reference; I forget) manual, what's supposed to happen at this point is
that the server sends its certificate, and my client is supposed to ask
whether to accept the (presently unknown) certificate; yet that does not
appear to be happening.  The FTP job is not looping, either.

This is "initial experimentation", with the only additions to FTPDATA
being the absolute minimum "KEYRING keyfilename" and "SECURE_MECHANISM
TLS" statements; everything else relating to "secure FTP" is allowed to
default. 

"So far, so BAD."

    -jc-

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
