Anyone ordering maintenance post May 1st using FTPs to download? Here was the
announcement:
As of May 1, 2021, to download files from IBM's secure delivery server using
FTPS, it is necessary to enable TLS 1.2 in the z/OS Communications Server FTP
client program.
So, we've enabled ATTLS via PAGENT
TTLS Action: cAct4~TEC1_FTP_Client_Applicati
Version: 3
Status: Active
Scope: Connection
HandshakeRole: Client
CtraceClearText: Off
Trace: 2
TTLSConnectionAdvancedParms:
SecondaryMap: On
SSLv3: Off
TLSv1: Off
TLSv1.1: Off
TLSv1.2: On
TLSv1.3: On
ApplicationControlled: On
CertificateLabel: DigiCert Global Root CA
Connection try fails on handshake. Oddly, says TLSv1 from the IBM end.
EZA1701I >>> AUTH TLS
SC3362 getReply: entered
SC4549 getNextReply: entered with waitForData = TRUE
234 SSLv23/TLSv1
SC4241 getLastReply: entered
FC3101 authServerAttls: entered
SC4405 getFNDELAY: entered
SC4440 setFNDELAY: entered
FC3140 authServerAttls: Start Handshake
FC3149 authServerAttls: ioctl() failed on SIOCTTLSCTL - EDC8121I CONNECTION
RESE
T. (errno2=0x77A9733D)
SC4440 setFNDELAY: entered
EZA2897I Authentication negotiation failed
SC4289 inSession: entered
EZA1534I *** Control connection with dispby-117.boulder.ibm.com dies.
SC4332 SETCEC code = 10
SC3610 endSession: entered (sn=27733B18)
SC2776 dataClose: entered
SC3693 endSession: recv() failed - EDC8121I CONNECTION RESET.
(errno2=0x76650446
)
Its entirely possible that the PAGENT policy on our end is not correct, but its
also not out of the realm of possibility that there are problems on IBM end and
i why I am asking here if anyone else converted to TLSv1.2 as documented?
Thanks, Dave
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
