Yes and add the line for 992 ..
or just change your 23 to 992 .. 

-----Original Message-----
From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu]on
Behalf Of Tyler Koyl
Sent: Wednesday, March 11, 2009 1:52 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: SSL Server on z/VM 5.4 RSU 802 - Static SSL vs Dynamic
SSL\TLS


Sweet. Then you would have to comment out or remove:

; 23   TCP INTCLIEN SECURE ZVMCER01 ; TELNET SERVER


Tyler


From: "Huegel, Thomas" <thue...@kable.com>
Sent by: The IBM z/VM Operating System <ib...@listserv.uarK.EDU>
Sent: 03/11/2009 12:49 PM
Please respond to: The IBM z/VM Operating System <ib...@listserv.uarK.EDU>
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: SSL Server on z/VM 5.4 RSU 802 - Static SSL vs Dynamic SSL\TLS




I have something like this ..

  INTERNALCLIENTPARMS
    PORT         992
    SECURECONNECTION REQUIRED

    TLSLABEL     ZVMCER0

  ENDINTERNALCLIENTPARMS


Also:
In the SYSTEM DTCPARMS ... EXEMPT LOW makes it more secure..
:parms.KEYFile /etc/gskadm/Database.kdb EXEMPT LOW MAXUSERS 200


-----Original Message-----
From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu]on
Behalf Of Tyler Koyl
Sent: Wednesday, March 11, 2009 1:17 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: SSL Server on z/VM 5.4 RSU 802 - Static SSL vs Dynamic
SSL\TLS


My next question is whether I should be going with Static SSL or Dynamic SSL/TLS
connections? I have set up the Static SSL for Telnet by adding the following to
my TCPIP Profile:

 AUTOLOG
   SSLSERV  0
   FTPSERVE 0
 ENDAUTOLOG
....
PORT
  20   TCP FTPSERVE  NOAUTOLOG ; FTP SERVER
  21   TCP FTPSERVE            ; FTP SERVER
  23   TCP INTCLIEN SECURE ZVMCER01 ; TELNET SERVER
....
 SSLSERVERID SSLSERV TIMEOUT 60
....
INTERNALCLIENTPARMS
 SECURECONNECTION REQUIRED
ENDINTERNALCLIENTPARMS

I am using a self-signed cert and SSL seems to be working just fine. I have
tested this with x3270, c3270 and TN3270 (SDI) and I see the following in the
SSLSERV Log:

Client 10.254.3.81:36396 Port 23 Label ZVMCER01 Cipher RC4_128_SHA Connection established.

So at this point I am assuming that my telnet sessions are secure (or more
secure). However, I do get the following disturbing message in the TCPIP log at
initialization:

 DTCSTM305I Telnet server: Secure Connections are REQUIRED
 DTCSTM309I Telnet server: TLS Label is <none>
 DTCSTM335E Telnet server: Unable to handle secure connections, no TLS label specified

I believe this means that the telnet server itself will not handle the secure
connections (Dynamic SSL\TLS) but rather TCPIP will forward the request for the
secure port to the SSLSERV (Static SSL).

Wondering if I am going to box myself in here when I go to secure FTP connections
and PERFSVM web access.

Tyler Koyl
Viterra Inc.





This e-mail and any attachment(s) are confidential and may be privileged.
 If you are not the intended recipient please notify me immediately by return
e-mail,
 delete this e-mail and do not copy, use or disclose it.
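
An added example, not written by any poster in this thread and not IBM code: a small Python check of a TCPIP profile for the two conditions the thread discusses, SECURECONNECTION REQUIRED with no TLSLABEL (the DTCSTM335E case) and a static SECURE port entry left in place on the Telnet port once a TLSLABEL is set. It assumes Telnet uses port 23 when INTERNALCLIENTPARMS has no PORT, and the `992 TCP INTCLIEN` entry in the second sample is a constructed guess at "the line for 992".

```python
import re

# Constructed sample: the static-SSL profile fragment quoted in the thread.
STATIC_PROFILE = """\
PORT
  21   TCP FTPSERVE            ; FTP SERVER
  23   TCP INTCLIEN SECURE ZVMCER01 ; TELNET SERVER
SSLSERVERID SSLSERV TIMEOUT 60
INTERNALCLIENTPARMS
 SECURECONNECTION REQUIRED
ENDINTERNALCLIENTPARMS
"""
# Constructed sample: the port-992 variant from the replies; the PORT entry
# for 992 is an assumed form of "the line for 992".
DYNAMIC_PROFILE = """\
PORT
  992  TCP INTCLIEN ; TELNET SERVER
INTERNALCLIENTPARMS
  PORT 992
  SECURECONNECTION REQUIRED
  TLSLABEL ZVMCER01
ENDINTERNALCLIENTPARMS
"""
PORT_ENTRY = re.compile(r"^(\d+)\s+TCP\s+(\S+)(?:.*?\bSECURE\s+(\S+))?", re.I)

def check_profile(text):
    """Return findings about the Telnet TLS settings in a TCPIP profile."""
    icp, reserved, in_icp = {}, {}, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        words = line.upper().split()
        if not words:
            continue
        if words[0] == "INTERNALCLIENTPARMS":
            in_icp = True
        elif words[0] == "ENDINTERNALCLIENTPARMS":
            in_icp = False
        elif in_icp and len(words) >= 2:
            icp[words[0]] = words[1]                 # e.g. TLSLABEL -> label
        elif (m := PORT_ENTRY.match(line)) and m.group(2).upper() == "INTCLIEN":
            reserved[m.group(1)] = m.group(3)        # static label or None
    port = icp.get("PORT", "23")   # assumption: Telnet uses 23 when unset
    label = icp.get("TLSLABEL")
    findings = []
    if icp.get("SECURECONNECTION") == "REQUIRED" and not label:
        findings.append("REQUIRED without TLSLABEL: expect DTCSTM335E")
    if label and reserved.get(port):
        findings.append(f"port {port}: static SECURE entry and TLSLABEL both set")
    return findings
```

On the static sample the first finding fires, matching the TCPIP log quoted in the thread; the port-992 sample returns no findings.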



