Suggested reading: z/OS Communications Server, IP Configuration Guide,
Version 1 Release 4, Document Number SC31-8775-02. Of course, use the
manual appropriate to your OS level.

Hint: IBM calls it TLS (Transport Layer Security), which is claimed to be
a superset of SSL.

Depending on how you set up your certificate based environment, you may
already be encrypting the data flow. I would suggest turning on some
debugging security traces. (See below).  Note: you may have to recycle
the FTP server to pick up the changes. 

Upon connection, the FTP client and server negotiate the highest level
of encryption that both can support using the keys in the respective
certs. Assuming some level of encryption is agreed upon, then nothing
further flows in the open.    

I believe that all of the messages will appear on the client side, not
the server side. Here are extracts from my notes on my testing:  

Add to server SYS1.TCPPARMS(FTPSDATA)

DEBUG SEC                                                
 ACCESSERRORMSGS              ; Send detailed login failure replies   
 KEYRING MYRING1             ; Cert keyring                          
 EXTENSIONS AUTH_TLS          ; Activate SSL support       

Add to client //SYSFTPD DD DISP=SHR,DSN=MYHLQ.JOB.CNTL(FTPSSL1)


  DEBUG SOC(2)                                          
  CLIENTERRCODES TRUE                                   
  KEYRING MYkeyring1                                          
  SECURE_DATACONN PRIVATE                               
  SECURE_MECHANISM  TLS                                   

Invoke FTP:

//S001      EXEC PGM=FTP,PARM='-v -d -e -r TLS'                         
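
Added example, not part of the original post: a Python check over a captured client trace that confirms the login and the transfer commands ran only after AUTH TLS was accepted and the data connection was set private (the effect SECURE_MECHANISM TLS and SECURE_DATACONN PRIVATE are meant to have). The trace layout (client commands after ">>> ", replies starting with a three-digit code) and both sample transcripts are assumptions constructed for illustration; the commands and reply codes follow RFC 4217.

```python
import re

# Assumed trace layout (constructed): client commands follow ">>> ", replies start with a 3-digit code.
CLIENT_CMD = re.compile(r">>> (\S+)(?: (.*))?$")
FINAL_REPLY = re.compile(r"^(\d{3}) ")   # "234-" continuation lines are skipped
DATA_CMDS = {"RETR", "STOR", "APPE", "LIST", "NLST"}

def audit_control_channel(lines):
    """Return (line_no, finding) for commands sent without the expected protection."""
    findings = []
    tls_up = False         # set when AUTH TLS is answered with 234 (RFC 4217)
    data_private = False   # set when PROT P is answered with 200
    pending = None         # last client command still waiting for its final reply
    for n, line in enumerate(lines, 1):
        cmd = CLIENT_CMD.search(line)
        if cmd:
            verb, arg = cmd.group(1).upper(), (cmd.group(2) or "").strip().upper()
            if verb in ("USER", "PASS") and not tls_up:
                findings.append((n, f"{verb} sent before TLS was negotiated"))
            if verb in DATA_CMDS and not (tls_up and data_private):
                findings.append((n, f"{verb} data connection is not protected"))
            pending = (verb, arg)
            continue
        reply = FINAL_REPLY.match(line)
        if reply and pending:
            if pending == ("AUTH", "TLS") and reply.group(1) == "234":
                tls_up = True
            elif pending[0] == "PROT" and reply.group(1) == "200":
                data_private = pending[1] == "P"
            pending = None
    return findings

# Constructed transcripts; reply texts are illustrative, not real server messages.
SECURED = [
    "220 server ready", ">>> AUTH TLS", "234 security environment established",
    ">>> PBSZ 0", "200 protection buffer size accepted",
    ">>> PROT P", "200 data connection protection set to private",
    ">>> USER TESTUSR", "331 send password", ">>> PASS ********", "230 logged on",
    ">>> RETR sample.txt", "150 opening data connection", "226 transfer complete",
]
CLEARTEXT = [
    "220 server ready", ">>> AUTH TLS", "502 command not implemented",
    ">>> USER TESTUSR", "331 send password", ">>> PASS ********", "230 logged on",
    ">>> RETR sample.txt", "150 opening data connection",
]

if __name__ == "__main__":
    for name, trace in (("SECURED", SECURED), ("CLEARTEXT", CLEARTEXT)):
        print(name, audit_control_channel(trace) or "no findings")
```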


 
 