On Wednesday, 12/01/2010 at 11:43 EST, "Schuh, Richard" <rsc...@visa.com> 
wrote:
> Thanks for the reply, Alan. So it is not possible using RXSOCKET. Is it
> possible from a CMS client running a home-grown assembler or Pipelines
> program, or is it a lost cause?

A lost cause, I would say.

Implicit/Static TLS/SSL is available for any TCP/IP *server* without 
regard to the interface being used.  I.e. an IUCV, C, RxSocket or Pipeline 
server can be protected by the SECURE parameter on the PORT statement. 
However, there is no such support for clients.  If a connection to a 
SECURE port (static) comes from an app on the same stack AND the 
SecureLocal parm is specified, the stack will treat it as it would an 
inbound external connection and route the connection through the SSL 
server on behalf of the *server* side only.

For clients, only dynamic/negotiated TLS/SSL support is available, and 
that is only via the VMCF/Pascal API.

Btw, I don't see very much pressure being placed on z/VM to provide 
client-side TLS support for homegrown RxSocket or Pipeline apps.  I see 
slightly more pressure for VM to provide user certificate-based single- 
and two-factor authentication for TN3270E (and, inevitably, ftp and smtp).

Alan Altmark

z/VM and Linux on System z Consultant
IBM System Lab Services and Training 
ibm.com/systems/services/labservices 
office: 607.429.3323
alan_altm...@us.ibm.com
IBM Endicott
