This does work if the program is calling System SSL directly. Unfortunately if your using AT-TLS it does not work. You need to add/update the trace parameter in your AT-TLS configuration.
FTPD and the TN3270 server no longer support calling System SSL directly and must use AT-TLS starting withe z/OS 2.5. On Tue, 26 Aug 2025 17:35:34 -0500, Charles Mills <[email protected]> wrote: >The list does not allow attachments. If anyone would like a PDF copy I believe >my e-mail is above. > >Corrections, additions, plaudits, brickbats -- all welcomed. > >How to Get a System SSL Trace >March 11, 2023 >• In the PARM= for the process that is calling System SSL (FTPD, your >program, etc.) >ENVAR("GSK_TRACE=0xFFFF") > >The above goes in PARM= before any slash, for example >// PARM='ENVAR("GSK_TRACE=0xFFFF") POSIX(ON) ALL31(ON)/&PARMS' >• Or >//CEEOPTS DD * >• # to comment out >ENVAR("GSK_TRACE=0xFFFF") >/* >• Run the failing test >• The trace file ends up in /tmp/, with a name like gskssl.67174425.trc. >Check the date and time to make sure you have the right one. (ls –l) >• Make the trace readable with gsktrace gskssl.67174425.trc > output_file >• You can then view output_file in an editor >• Or to see the trace, open /tmp/ in ISPF 3.17 Directory List. Look for >the newest file with a name like gskssl.nnnnnnnn.trc. (The .trc will not show >up in the Edit Directory List but you can see it with the I command. Type >gsktrace /tmp/gskssl.nnnnnnnn.trc on the command line and the trace will open >in an Edit window. (Or save it with > trace.txt) >• (You need Enter z/OS UNIX commands in Command field turned on in >Directory List Options to make this work.) >• Don’t forget to take the trace out of the JCL or you will generate a >lot of tmp every time you run! > >---------------------------------------------------------------------- >For IBM-MAIN subscribe / signoff / archive access instructions, >send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
