NOTICE: All information in and attached to the e-mail(s) below may be proprietary, confidential, privileged and otherwise protected from improper or erroneous disclosure. If you are not the sender's intended recipient, you are not authorized to intercept, read, print, retain, copy, forward, or disseminate this message. If you have erroneously received this communication, please notify the sender immediately by phone (704-758-1000) or by e-mail and destroy all copies of this message (electronic, paper, or otherwise). Thank you.
You might want to put "DEBUG SEC CMD SOC(3) FLO" in the SYSFTPD. When I was having issues, this is what support gave me to help debug the problem. Also, you can add PARM=('ENVAR("GSK_TRACE=0XFFFF")/-r tls') to turn on GSK tracing. The part I had the most trouble with was getting a copy of the server's certificate connected to my keyring. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Chase, John Sent: Thursday, June 22, 2006 12:56 PM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: SSL/TLS Woes FTP > -----Original Message----- > From: IBM Mainframe Discussion List On Behalf Of Gray, Larry - Larry A > > If you are using certificates under ACF2 or RACF, that will > not be a file. In ACF2 speak, it is the Ringname. In RACF > it is the RING. That will come later. Right now I have a connection established (after having created the requisite stash file for the key database), and the server apparently is waiting for the client (z/OS) to start negotiation of the security stuff. The batch job is just sitting there, and the last message from the server is: 234 SSL enabled and waiting for negotiation It's been that way for a few minutes now, and the "sandbox" is not being starved for CPU.... >From my reading of the Appendix in the IP Configuration Guide (or Reference; I forget) manual, what's supposed to happen at this point is that the server sends its certificate, and my client is supposed to ask whether to accept the (presently unknown) certificate; yet that does not appear to be happening. The FTP job is not looping, either. This is "initial experimentation", with the only additions to FTPDATA being the absolute minimum "KEYRING keyfilename" and SECURE_MECHANISM TLS" statements; everything else relating to "secure FTP" is allowed to default. "So far, so BAD." -jc- ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html