Does anyone have a sample SSL/TLS client assembler program that uses the VMCF interface? And would you be willing to share it/ If so, it isn't a lost cause.
Regards, Richard Schuh > -----Original Message----- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Alan Altmark > Sent: Wednesday, December 01, 2010 2:11 PM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: z/VM 6.1, SSLSERV Question > > On Wednesday, 12/01/2010 at 11:43 EST, "Schuh, Richard" > <rsc...@visa.com> > wrote: > > Thanks for the reply, Alan. So it is not possible using > RXSOCKET. Is > > it possible from a CMS client running a home-grown assembler or > > Pipelines > program, > > or is it a lost cause? > > A lost cause, I would say. > > Implicit/Static TLS/SSL is available for any TCP/IP *server* > without regard to the interface being used. I.e. an IUCV, C, > RxSocket or Pipeline server can be protected by the SECURE > parameter on the PORT statement. > However, there is no such support for clients. If a > connection to a SECURE port (static) comes from an app on the > same stack AND the SecureLocal parm is specified, the stack > will treat it as it would an inbound external connection and > route the connection through the SSL server on behalf of the > *server* side only. > > For clients, only dynamic/negotiated TLS/SSL support is > available, and that is only via the VMCF/Pascal API. > > Btw, I don't see very much pressure being placed on z/VM to > provide client-side TLS support for homegrown RxSocket or > Pipeline apps. I see slightly more pressure for VM to > provide user certificate-based single- and two-factor > authentication for TN3270E (and, inevitably, ftp and smtp). > > Alan Altmark > > z/VM and Linux on System z Consultant > IBM System Lab Services and Training > ibm.com/systems/services/labservices > office: 607.429.3323 > alan_altm...@us.ibm.com > IBM Endicott >
