I am curious here. This isn't my field really. If the traffic is only encrypted to the end application (TN3270) then what happens when a user signs on to CL/SS itself. It appears to me that the password would be sent in the clear.
Lennie Dymoke-Bradshaw Consultant 'Dance like no one is watching. Encrypt like everyone is.' -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Edgington, Jerry Sent: 24 June 2020 16:30 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [IBM-MAIN] CL/ / Supersession Yes, if you want to secure the inbound TN3270 traffic, then update AT/TLS configuration for TN3270 port to use SSL. And you will need have the SSL signing CA root, on the client requesting the TN3270 connection. -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Karl S Huf Sent: Wednesday, June 24, 2020 11:26 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: CL/ / Supersession This message was sent from an external source outside of Western & Southern's network. Do not click links or open attachments unless you recognize the sender and know the contents are safe. ________________________________________________________________________________________________________________________ NTAC:3NS-20 So piling onto this thread . . . we've recently been asked to secure out TN3270 traffic. We are a CL/Superssion user (1.47) running z/OS 2.2 with a 2.4 project underway. Having caught up on this thread, if I understand correctly, there's nothing in CL/SS that needs to be done but rather updating the TN3270 server and, of course, the settings on the desktop emulator. Does this sound right? TIA! -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Tim Hare Sent: Saturday, June 20, 2020 6:37 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [EXT] Re: CL/ / Supersession This email originated from outside the organization. Do not click links or open attachments unless you have verified this email is legitimate. TN3270 supports secure sockets. Just make your TN3270 terminals "auto logon" to CL/Supersession and you're good. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
