SSL on Port 21 usually is Explicit and on 990 Implicit. The difference between the two being that in Explicit the client gets to decide by sending the AUTH command when the SSL handshake happens. On Implicit the SSL handshake happens right after connect. You could use the command line openssl s_client utility to check where things are breaking down.
$ openssl s_client -connect ftp.zosserver.com:990 _____ From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Marian Turczyn Sent: Tuesday, November 03, 2009 8:44 PM To: openssl-users@openssl.org Subject: Re: SSL port 990 mainframe ??? Hey thanks so much for the reply. Yes, the tcp/ip port definitions are the same for port 21 as for port 990. Port 21 is working, ftp over ssl/tls ... Port 990 is defined the same within tcp/ip ... I do make a connection after the ftp is initiated, then I get dropped perhaps that is in the omvs segment ??? Not sure ?? ... Port 21 and 990 imply different things by definition however both should be able to do ftp over ssl/tls and I do have one (21/ssl/tls) working. So what am I missing ?? : { Thanks for giving my problem some thought ! -m On 11/3/09 5:04 PM, "William Adams" <wla...@gmail.com> wrote: i may not have a clue; but here are a couple of things to check. lots of tcpip profiles run with port reservations. the ftp server has to be configured to listen on 990 which is probably is if the connection is sucessful. but if it is and the mainframe is running RACF(or equivilent) that defines port access in terms of facility, there should be some error messages in the syslog if that is the problem. the tcpip profile should show you whether or not the privleged port are reserved. On Tue, Nov 3, 2009 at 2:22 PM, Marian Turczyn <turc...@isc.upenn.edu> wrote: Hello Folks ... I have had ssl handshaking (ftp over ssl) on port 21working between a mainframe running z/OS 1.8 and any platform, aix, windows, linux, no problem. I am now trying to do the same with port 990 and for the life of me cannot get it to work. The connection to port 990 is successful however the host (mainframe) drops my connection immediately. I have tried both implicit & explicit ftps ... My question is does anyone know anything 'odd' about port 990, ssl and the mainframe ??? Thanks so much to anyone with a clue : } Marian No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.424 / Virus Database: 270.14.46/2477 - Release Date: 11/02/09 19:39:00
