You can also use the CEEOPTS DD. Something like this:
//CEEOPTS DD *
ENVAR("GSK_PROTOCOL_TLSV1_2=1")
[...any other LE options you wish to use...]
/*
We also use this method of specifying TLS 1.2, but I seem to recall the
"official" method is to use AT-TLS instead. At the time we wanted to start
using TLS 1.2 we didn't have PAGENT (and thus AT-TLS) set up, so we went this
way. So offhand I don't know how it should be configured using PAGENT/AT-TLS.
________________________________
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of
Wendell Lovewell <000001e9c0ee0673-dmarc-requ...@listserv.ua.edu>
Sent: Thursday, September 10, 2020 10:57 PM
To: IBM-MAIN@LISTSERV.UA.EDU <IBM-MAIN@LISTSERV.UA.EDU>
Subject: Re: Passing STDENV DD to FTP via SYSIN
Hey Charles, I took you seriously the first time. I appreciate your interest
in helping.
Bottom line, I'd like to come up with a job any z/OS customer could run,
without requiring changes to any of their system files (like FTPCDATA or AT-TLS
or RACF) that would allow them to transmit files to/from an FTP site using FTPS.
I've pretty much given up on that--I can't find a way to do it without
installing certificates used by the FTP server into their RACF/ACF2/Top Secret
databases. And even with the certificates in RACF, the only way I've gotten it
to work is force FTP to use TLS 1.2 by setting the "GSK_PROTOCOL_TLSV1_2"
environment variable to "ON" per this URL:
https://www.ibm.com/support/pages/zos-communications-server-tls-needed-implement-tls-v12
That page does say for FTP the STDENV dataset should be RECFM=VB. (I did try
various combinations of DD *,DCB=(...), including DCB=(RECFM=VB), but JES
didn't seem to allow that.) Gil might be on to something with the temporary
datasets not being available to spawned processes, but I've cataloged the
IEBGENER'd file and the job still fails like it doesn't find the
"GSK_PROTOCOL_TLSV1_2=ON" variable.
-------------------------------------------------------------------
I'm not sure how to close this out, but as I've been typing this, I did figure
out how to get around the STDENV problem. I'm going to go ahead and leave what
I've said so far in case someone else comes across this in the future, but
here's a work-around:
What I was trying to do was:
//FTPXFER EXEC PGM=FTP,REGION=4292K,
// PARM=('POSIX(ON) ALL31(ON)',
// 'ENVAR("_CEE_ENVFILE=DD:STDENV")/(EXIT')
//STDENV DD *
GSK_PROTOCOL_TLSV1_2=ON
//*
Where the 'ENVAR("_CEE_ENVFILE=DD:STDENV") is telling LE to look for
environment variables in the STDENV DD. The STDENV file wasn't being found,
but all it has is one variable name and value. So it occurred to me that I
could just put the variable and value in the PARM:
//FTPXFER EXEC PGM=FTP,REGION=4292K,
// PARM=('POSIX(ON) ALL31(ON)',
// 'ENVAR("GSK_PROTOCOL_TLSV1_2=ON")/(EXIT')
Turns out, it works!
Thanks for all your help.
Wendell
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
