Wendell:
Thank you for the notes.
What happened was that we were specifying TLSPORT=5521 and by just
specifying the TLSPORT it was assuming implicit connection and so neither
server nor client sent the 220 message and they just wait for some reply.
So I commented out the TLSPORT=5521 and just used port 5521 which then ran
in explicit mode.
TLSPORT forces implicit for that port.
Thanks again,
Roberto
On Mon, Oct 5, 2020 at 10:37 AM Wendell Lovewell <
000001e9c0ee0673-dmarc-requ...@listserv.ua.edu> wrote:
> I can't help you much on the server side of the equation, but this excerpt
> from an FTP client job will get you started:
>
> 01 //FTPS EXEC PGM=FTP,REGION=4M,
> 02 // PARM=('ENVAR("_CEE_ENVFILE_S=DD:STDENV")/10.1.1.1 5521 -e')
> 03 //STDENV DD *
> 04 GSK_PROTOCOL_TLSV1_2=ON
> 05 //* GSK_TRACE=0xFFFF
> 06 //* GSK_TRACE_FILE=/tmp/gsk.trc
> 07 //* The 2 stmts above can be temporarily uncommented for debugging
> 08 //SYSFTPD DD *,SYMBOLS=(JCLONLY)
> 09 CLIENTERRCODES EXTENDED
> 10 EPSV4 TRUE
> 11 EXTENSIONS AUTH_TLS
> 12 FWFRIENDLY TRUE
> 13 KEYRING TCPIP/your.FTP.KEYRING
> 14 PASSIVEIGNOREADDR TRUE
> 15 SECUREIMPLICITZOS FALSE
> 16 SECURE_FTP REQUIRED
> 17 SECURE_MECHANISM TLS
> 18 SECURE_DATACONN PRIVATE
> 19 SECURE_CTRLCONN PRIVATE
> 20 SECURE_HOSTNAME REQUIRED
> 21 TLSMECHANISM FTP
> 22 TLSRFCLEVEL RFC4217
> 23 TRACE
> 24 //*
>
> Line
> 02 _CEE_ENVFILE_S=DD:STDENV
> - Allows you to specify LE overrides via a SYSIN DD rather than a VB
> dataset
> 0.1.1.1 5521
> - Your server IP address & port
> -e
> Exit step with FTP return code instead of 0 (probably overridden)
>
> 05 & 06
> GSK_TRACE...
> Turns on GSK tracing for FTP client, writes trace records into
> /tmp/gsk.trc file
> Use gsktrace "gsk.trc > gsk.out" command to format into human
> readable. Very helpful
>
> 13 You will have to have a public/private key known to the server, and a
> public key or
> CA cert shared with the client (if on the same system, then on the
> same key ring is fin)
>
> 11 & 16 are also important
>
>
> You'll need to use the manuals to understand most of the commands, but
> this will get you started.
>
> Some of these manuals may help:
>
> SC14-7495-30 Cryptographic Services System Secure Sockets Layer Programming
>
> SC27-3651-30 IP Configuration Reference
>
> GC27-3652-30 IP Diagnosis Guide may be useful if you are getting GSK
> errors.
>
> SA23-2292-30 Security Server RACF Command Language Reference contains the
> syntax for the RACDCERT instructions.
>
> HTH,
> Wendell Lovewell
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
--
Politics: Poli (many) - tics (blood sucking parasites)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
