Classification: Confidential IBM made a change to no longer accept non-secured connections due to some EU privacy laws. IIRC July 2021 or so. HTTPS or FTPS is required. I do not know if AT-TLS is one of the accepted protocols.
HTH, -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Michael Babcock Sent: Monday, February 27, 2023 6:46 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Can you connect to the PTF download site with z/OS FTP? [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your Computer.] We have been using plain old FTP to IBM (downloading enhanced hold data) for quite a while now and in the last week or so, we had to convert to using FTPS (TLS 1.2). So to me, it appears IBM made a change and now requires a secure connection. Yes, I know we can use SMPE RECEIVE ORDER, and we do but we had a STEP in one of our jobs that used the old way. On Mon, Feb 27, 2023 at 6:24 PM Charles Mills <charl...@mcn.org> wrote: > FWIW what you show is in conflict with what Paul Gorlinsky wrote: that > IBM did not support FTPS. > > (I'm not trying to pick a fight. I have reasons for wanting to get > FTPS to > work.) > > I see that you are using AT-TLS and that is goodness of course but it > should not make a huge difference bottom line. I wonder why mine is failing. > > At least I know the problem is not V2R5. That's a help. > > Charles > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Ed Jaffe > Sent: Monday, February 27, 2023 10:38 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Can you connect to the PTF download site with z/OS FTP? > > On 2/27/2023 9:32 AM, Charles Mills wrote: > > > > Starting I think with V2R5 you need AT-TLS for the FTP server, and > > for > TLS 1.3 (only) on the client. > > Don't know about TLS 1.3 (we don't use that yet), but it clearly still > supports TLS 1.2. See below: > > EZA1450I IBM FTP CS V2R5 > EZA1466I FTP: using TCPIP > EZA1456I Connect to ? > EZA1736I public.dhe.ibm.com > EZYFT18I Using catalog '/usr/lib/nls/msg/C/ftpdmsg.cat' for FTP messages. > EZA1554I Connecting to: public.southdata.ibm.com 170.225.126.18 port: 21. > 220-********************************************************************** > * * > * IBM's internal systems must only be used for conducting IBM's * > * business or for purposes authorized by IBM management. * > * * > * Use is subject to audit at any time by IBM management. * > * * > * Important Please read * > * * > * Machine Code updates provided through this site are available * > * only for IBM machines that are under warranty or an IBM hardware * > * maintenance service agreement Code for operating systems or other * > * software products is available only where entitled under the * > * applicable software warranty or IBM software maintenance * > * agreement. All code (including Machine Code updates, samples, * > * fixes or other software downloads)provided through this site * > * is subject to the terms of the license agreements which * > * govern the use of the associated code. Some exceptions may * > * apply.IBM reserves the right to change, modify or withdraw its * > * offerings,policies and practices at any time. * > > ********************************************************************** > 220 ProFTPD Server (proftpd) [170.225.126.18] > FC0296 ftpAuth: security values: mech=TLS, tlsmech=ATTLS, tlsreuse=N, > sFTP=A, sCC=C, sDC=P > FC2975 ftpAuthAttls: AT-TLS policy set as application controlled. > FU2420 TTLSRule: PSI_FTP-Client~1 > FU2426 TTLSGroupAction: gAct1 > FU2432 TTLSEnvironmentAction: eAct1~FTP_Clients > FU2439 TTLSConnectionACtion: cAct1~FTP_Clients EZA1701I >>> AUTH TLS > 234 AUTH TLS successful > FC3144 authServerAttls: Start Handshake > FC3175 authServerAttls: FIPS140 not enabled > FC3212 authServerAttls: Using TLSv1.2 protocol > FC3230 authServerAttls: SSL cipher: 002F > FU2135 getCtrlConnCertAttls: Request certificate, size 1751 > FU2755 getSessionIdAttls: Issuing SIOCTTLSCTL to get decoded AT-TLS > Session ID EZA2895I Authentication negotiation succeeded > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- Michael Babcock OneMain Financial z/OS Systems Programmer, Lead ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
