I have something like this .. INTERNALCLIENTPARMS PORT 992 SECURECONNECTION REQUIRED
TLSLABEL ZVMCER0 ENDINTERNALCLIENTPARMS Also: In the SYSTEM DTCPARMS ... EXEMPT LOW makes it more secure.. :parms.KEYFile /etc/gskadm/Database.kdb EXEMPT LOW MAXUSERS 200 -----Original Message----- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu]on Behalf Of Tyler Koyl Sent: Wednesday, March 11, 2009 1:17 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: SSL Server on z/VM 5.4 RSU 802 - Static SSL vs Dynamic SSL\TLS My next question is whether I should be going with Static SSL or Dynamic SSL/TLS connections? I have setup the Static SSL for Telnet by adding the following to my TCPIP Profile: AUTOLOG SSLSERV 0 FTPSERVE 0 ENDAUTOLOG .... PORT 20 TCP FTPSERVE NOAUTOLOG ; FTP SERVER 21 TCP FTPSERVE ; FTP SERVER 23 TCP INTCLIEN SECURE ZVMCER01 ; TELNET SERVER .... SSLSERVERID SSLSERV TIMEOUT 60 .... INTERNALCLIENTPARMS SECURECONNECTION REQUIRED ENDINTERNALCLIENTPARMS I am using a sefl-signed cert and SSL seems to be working just fine. I have tested this with x3270, c3270 and TN3270 (SDI) and I see the following in the SSLSERV Log: Client 10.254.3.81:36396 Port 23 Label ZVMCER01 Cipher RC4_128_SHA Connection established. So at this point I am assuming that my telnet sessions are secure (or more secure). However, I do get the following disturbing message in the TCPIP log at initialization: DTCSTM305I Telnet server: Secure Connections are REQUIRED DTCSTM309I Telnet server: TLS Label is <none> DTCSTM335E Telnet server: Unable to handle secure connections, no TLS label specified . I believe this means that the telnet server itself will not handle the secure connections (Dynamic SSL\TLS) but rather TCPIP will forward the request for the secure port to the SSLSERV (Static SSL). Wondering if I am going box myself in here when I go to secure FTP connections and PERFSVM web access. Tyler Koyl Viterra Inc. This e-mail and any attachment(s) are confidential and may be privileged. If you are not the intended recipient please notify me immediately by return e-mail, delete this e-mail and do not copy, use or disclose it.