Hi Marci, What do you mean by "security configuration"? If you are referring to RACF, we don't use it - we use VM:Secure and the Rules Facility. If you are referring to the INTERNALCLIENTPARMS just SECURECONNECTION PREFERRED and the TSLABEL statements. -Mike
-----Original Message----- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Marci Beach Sent: Thursday, March 26, 2009 7:33 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: SSL Encryption For TN3270 What does your Security Configuration window look like and what values do you have set ? Marci Beach From: Michael Coffin <michaelcof...@mccci.com> To: IBMVM@LISTSERV.UARK.EDU Date: 03/25/2009 03:25 PM Subject: Re: SSL Encryption For TN3270 _____ Hi Alan, Good call on PREFERRED vs. ALLOWED, but unfortunately that didn't clear it up (but I think I will keep PREFERRED as the setting). I put a trace on Telnet but its 250+ lines so rather than include it in this email if you are interested you can see the trace here: <http://www.mccci.com/misc/telnet_trace.txt> http://www.mccci.com/misc/telnet_trace.txt Does anything look out of the ordinary in that trace? -Mike -----Original Message----- From: The IBM z/VM Operating System [ <mailto:IBMVM@LISTSERV.UARK.EDU> mailto:ib...@listserv.uark.edu] On Behalf Of Alan Altmark Sent: Wednesday, March 25, 2009 1:45 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: SSL Encryption For TN3270 On Wednesday, 03/25/2009 at 12:00 EDT, Michael Coffin <michaelcof...@mccci.com> wrote: > Thanks Miguel, you confirmed my understanding - but the darned client isn't > behaving the way it should. The client is Attachmate InfoConnect > 8.1. > > When a TN3270 client connects using SSL in Config 1 (explicit, no SECURE parm > on PORT) I see the connection open, the IP and port are reported, and the > connection closes immediately in the TCPIP console log. There is nothing on > the SSL server console (with TRACE ALL): > > 11:37:08 DTCSTM305I Telnet server: Secure Connections are ALLOWED > 11:37:08 DTCSTM309I Telnet server: TLS Label is NOTSHOWN > 11:44:17 DTCSTM163I Telnet server: Conn 0: Connection opened 03/25/09 at > 11:44:17 > 11:44:17 DTCPRC150I Conn 0: Foreign internet address and port: net address = > 10.215.0.218, port= 3651 > 11:44:17 DTCSTM349I Telnet server: Conn 0: Connection closed 03/25/09 at > 11:44:17 Try setting SECURECONNECTION PREFERRED in PROFILE TCPIP. If that works, please open a PMR so that we can figure out why ALLOWED doesn't work. The difference is whether (preferred) or not (allowed) the server proposes the use of TLS. Alan Altmark z/VM Development IBM Endicott