3270 Emulator Software (Splitv)
To respond to John Chase's question, BlueZone does support 62 x 160 with 4 explicit partitions to do split and splitv. The 3290 terminal size (62 x 160) is set in the 3270 Emulation Parameters Tab. Set the device type to Dynamic in the TN3270 settings Device Tab. Enable the Multiple Explicit Partitions checkbox (depending on BZ version). In ISPF, you have to set your terminal to screen format=4 (part), terminal type=5 (3290A). After all that, you must disconnect and reconnect the session. When you enter ISPF, you will be in 62 x 160 mode so the font will be tiny. Type split to split the session into two (top and bottom). Type splitv in each of the ISPF sessions to split them vertically. Steve Bireley Rocket Software www.bluezonesoftware.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
ftp.exe and Vista
You can try BlueZone Secure FTP. It is free for commercial use and works well on Vista and works well with the mainframe. You will still have to resolve any firewall issues, but UAC should not be a problem as long as you have write access to the target directory. Steve Bireley SVP BlueZone Development Rocket Software 70 Main St. Suite 51 . Warrenton VA 22701 . USA Office: + 1 404 364 1731 . Mobile + 1 571 216 3530 Email sbire...@bluezonesoftware.com Web: www.bluezonesoftware.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Is there a Web enabled TN3270 on z/10's running z/OS 1.9
Hi Cynthia, Under the web-enabled heading are a several solutions that provide TN3270 emulator, or emulator-like access to Z. IBM does not ship one with Z but has Host on Demand and HATS. Since you are going to replace a real emulator with a web-enabled one, opt for a product that downloads a client to the PC and runs it either inside the browser or as a separate window. There are a variety of ActiveX, Java, and Win32 web-enabled terminal emulators on the market that run directly from the Z/OS HTTP server. Some require the Web Sphere Application Server, while others will run from the Z/OS HTTP server, and do not require an application server. HTML emulators are not really suitable as a general emulator replacement, but are geared more toward casual use, anonymous use, or as the basis for GUI web enablement. Heads-down emulator users will find the HTML emulator too slow and that it operates differently from a real emulator. HTML emulators have their place, but not as an overall replacement for Aviva. Your Aviva users will probably expect a high level of functionality in any replacement you choose. Depending on the size of your organization, there may be some custom applications, macros, scripts, and other automation that have become part of daily operations. These will have to be migrated to the new solution to minimize the impact on the users. The migration also provides an opportunity to get these unmanaged or ad hoc processes under control and centrally managed. Good Luck. Steve Bireley VP BlueZone Product Development Rocket Software www.bluezonesoftware.com Emulation, Integration, File Transfer BlueZone Secure FTP is Free -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Screen size (was 3270 emulator cost)
BlueZone supports custom default and alternate sizes up to 90 x 162 and is easily configured. It also supports multiple explicit partitions allowing split and splitv in ISPF to display 4 sessions. Steve Bireley BlueZone Software Bluezone Secure FTP is Free -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
3270 session disconnects
I agree with Hal that it is a firewall issue. We typically recommend enabling a keep-alive timer to satisfy the firewall inactivity timeout feature. The NOP keep-alive option simply sends a couple of bytes from the client at a configurable interval, which is usually fine. You can also use the time mark function of the telnet server, but the time mark interval needs to be short enough to satisfy the firewall's inactivity timer. Good Luck! Steve Bireley VP BlueZone Development Rocket Software www.bluezonesoftware.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: PK67193 and z/OS 1.9
This is from the Filezilla web site concerning the issue with 3.1.0.1 and various FTP TLS servers. This was sent to me by another person on the list a few months ago and describes the issue. Steve Bireley BlueZone Software http://trac.filezilla-project.org/ticket/3626 Also 2008-07-24 - Security Advisory FileZilla 3.1.0.1 fixes a vulnerability regarding the way some errors are handled on SSL/TLS secured data transfers. If the data connection of a transfer gets closed, FileZilla did not check if the server performed an orderly TLS shutdown.Impact An attacker could send spoofed FIN packets to the client. Even though GnuTLS detects this with GNUTLS_E_UNEXPECTED_PACKET_LENGTH, FileZilla did not record a transfer failure in all cases. Unfortunately not all servers perform an orderly SSL/TLS shutdown. Since this cannot be distinguished from an attack, FileZilla will not be able to download listings or files from such servers.Affected versions All versions prior to 3.1.0.1 are affected. This vulnerability has been fixed in 3.1.0.1 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: FTP MEMBERS FROM PC TO MAINFRAME (HOW TO)
http://www.tucows.com/preview/361716 Seagull free version of the FTP client. A much newer version is available at www.bluezonesoftware.com. It is still free, no registration required, and includes SSL/TLS and SSH, so the userID, password, and data are all encrypted. Steve Bireley BlueZone Software -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
TN3270 for Iphone
We have seen issues testing telnet connected emulators from various wireless devices including Windows phones, Blackberrys, Iphones, tablet computers, PDAs, and laptops. The main problem is that switching cells or mobile access points drops the telnet connection and user session. It is ideal to have a device in the middle to maintain the connection to mainframe while allowing the client phone to connect, disconnect, reconnect, etc. without issue. There are native emulator apps for a various phones that do this (I am not sure if Mocha does or not). Or, if you convert the mainframe screen to html or convert it into a special purpose web app, it will work on any device that has a browser, including a Blackberry and Iphone. Steve Bireley BlueZone Software www.bluezonesoftware.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
ReDigital Certificate Implementation TN3270
Hi Melissa, Your emulator may have some options for certificate handling that prompt the users if the certificate is not trusted, allowing them to trust it so they will not be prompted in the future. Or, it may also have an option to always trust invalid certificates, preventing the message from appearing at all. The connection will still be encrypted, but the client will ignore the fact that the root certificate is not installed locally. Since switching to SSL requires a configuration change on each client, you may be able to set one of these options. You may also have the opportunity to put the certificate on the machine at this time as well. Some emulators use the MS certificate store allowing you to push your root certificate to IE using Active Directory group policy. If the root certificate must be in a private store for the emulator, you may be able to push it out with your software distribution tools. Steve Bireley BlueZone Software www.bluezonesoftware.com Emulation, Integration, Free Secure FTP -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Filezilla 3.1.0.1 broken for z/OS 1.7 and 1.9
Gibney, Dave wrote: Looks to be correct. I never got that far with using client certificates, yet. Still SSL clients that speak z/OS also are still rare (especially free ones). I've come to depend on it and hope it can be fixed. BlueZone Secure FTP is free and supports client certificates for authentication. It can store the client certificate in its own store or use personal certificates from the Microsoft store. The easiest way is to use the browser to import the certificate into the MS personal certificate store then, configure BlueZone to use it (check box). At connect time, the user is prompted for the client certificate private key password prior to the client sending it to the mainframe. If you are using a FIPS configured workstation, and BlueZone is configured to run in FIPS mode, the algorithm used to sign the client certificate must also be FIPS compliant or BlueZone will display an error when attempting to open the private key with the password. That said, you should not be able to import a non-FIPS compliant certificate into a FIPS enabled workstation's certificate store, so it should not be an issue. Steve Bireley BlueZone Software www.bluezonesoftware.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: 3290 partitions was Re: 3270 Software for Mac
We added 3290 support a few years ago for a customer who was forced to give up his real 3290 terminal. He used Split/VSplit in ISPF. Only a handful of people use it, but the ones that got used to it like to have it. Steve Bireley BlueZone Software Date:Thu, 12 Jun 2008 11:26:43 EDT From:Ed Finnell [EMAIL PROTECTED] Subject: Re: 3290 partitions was Re: 3270 Software for Mac In a message dated 6/12/2008 10:03:08 A.M. Central Daylight Time, [EMAIL PROTECTED] writes: The only 3290's we ever had were used as consoles, so I never had a chance to play with this. I think ISPF supported them at one time (maybe still does). Somebody gave us a few 3290's many moons ago but not the 3174 feature. So we ended up paying and then we needed another Meg and then we needed the hard disk it kept going downhill. I think they were a major contributor to TN3270 conversion. The fact that IBM held the cash cow so long-think they were still charging $1400 for a 20MB hard drive when commercial 60 GB were under a $100US. Then maybe from this list we found large screen VGA support for INFO/Windows and that was pretty much the end of 3174's. Think VSPLIT was the ISPF contribution but it was alien to the way most folks operated and never garnered much enthusiasm. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: SSL to Printers
Many printer vendors support IPP (Internet Printing Protocol). It supports HTTPS to encrypt the data. I am not sure which, if any, mainframe printing products support the protocol. Check with LRS, McKinney, and IBM to see if their products support it. SSL encryption of TN3270E printer sessions is possible and easy to implement. You can attach the printers to a dedicated PC using USB. You can build a multi-session print server by running several instances of a TN3270E printer client. Do LPR/LPD to a PC running an LPD print daemon. Use an IPSEC VPN to encrypt the data between the host and the PC. Connect the printer to the PC using USB. LPD can support many target printers using a single IP/PORT and different queue names. PC based LPDs are cheap. Buy an ESCON to USB print server appliance running TN3270E print sessions or LPD print sessions. The device looks like a 3172 to the mainframe and server routes the printer data to printers defined in Windows. Good Luck Steve Bireley BlueZone Software www.bluezonesoftware.com BlueZone Terminal Emulation BlueZone Free Secure FTP -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Single signon with AD and kdc on z/OS
Are you trying to authenticate TN3270 users, FTP users, or some other type? As far as I know, Z/OS does not support Kerberos for TN3270, but does for some other access methods. I am interested in this subject also. Good Luck! Steve Bireley BlueZone Software Integration-Emulation-Security Free Bluezone Secure FTP 1-404-364-1731 www.bluezonesoftware.com Date:Tue, 27 Nov 2007 11:24:19 -0700 From:Steve Bui [EMAIL PROTECTED] Subject: Single signon with AD and kdc on z/OS. Is anyone currently implementing a single signon solution to authenticate userid/password on zOS using kdc and an AD on other platform? Thx. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Subject: Secure FTP Config: CIPHERSUITE statements?
Hi John, My understanding is that the client and the server will use the first cipher suite they agree on. You should arrange them in order of preference (strongest to weakest) so the first cipher both sides agree on is the strongest. If you are using BZ FTP, click on the lock icon on the status bar to see which suite was negotiated. You can change the list on the mainframe and try it again. Steve Bireley Vice-President Product Development BlueZone Software www.bluezonesoftware.com Free BlueZone Secure FTP -- Date:Thu, 18 Oct 2007 09:33:17 -0500 From:Chase, John [EMAIL PROTECTED] Subject: Secure FTP Config: CIPHERSUITE statements? Hi, All, Is it better to order the CIPHERSUITE statements from weaker to stronger, or from stronger to weaker? Why? TIA, -jc- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
More SSL/TLS and FTP woes
John, In Z/OS 1.7 the Implicit SSL/TLS is no longer supported for FTP. You need to use Explicit (Auth SSL). The support for Explicit has changed, so you should upgrade to BlueZone Secure FTP 4.2. Z/OS 1.7 and BlueZone 4.2 support RFC-4217. http://rfc.net/rfc4217.html We have separated BlueZone Secure FTP from the BlueZone package and give it away free for personal, commercial, or government use. This replaces BlueZone FTP (non-secure) and Seagull Free FTP. It installs in a different folder, so you can test it without breaking for upgrading your current BlueZone Desktop or Web-to-Host install. BlueZone Secure FTP still ships with BlueZone and installs/upgrades the same way. BlueZone Secure FTP support SSL/TLS, SSH, IPV6 and uses FIPS 140-2 encryption for SSL/TLS. You can download it at http://www.bluezonesoftware.com/products/secure-ftp . No login or email address is required. You can choose to register it or not. Steve Bireley Vice-President Product Development BlueZone Software 1-404-364-1731 www.bluezonesoftware.com www.rocketsoftware.com Date:Wed, 17 Oct 2007 09:03:17 -0500 From:Chase, John [EMAIL PROTECTED] Subject: More SSL/TLS and FTP woes Hi, All, I couldn't find anything relevant to the problem du jour in the archives or the CS for z/OS 1.7 TCPIP Implementation Volume 2 Redbook, so.. I'm able to employ SSL/TLS for FTP using the Bluezone FTP client, but only if I configure it to use port 21 and AUTH_TLS. I cannot get it working via implicit secure FTP using port 990; the z/OS 1.7 FTPD replies connection refused. AFAICT, I have all the ducks lined up in a row, with one possible exception: I don't explicitly reserve port 990 (and 989?) in the PORT configuration statement of PROFILE.TCPIP. The IP Configuration Reference manual suggests it's not necessary to do so. Might this be the missing link after all? Do I need to (additionally) explicitly specify the statements in FTP.DATA that the manual says are defaults for TLS_PORT, etc.? TIA, -jc- Steve Bireley Vice-President Product Development BlueZone Software 1-404-364-1731 www.bluezonesoftware.com www.seagullsoftware.com www.rocketsoftware.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Help : FTP A PDS
Seagull Software has a free Windows FTP client that handles PDS's well. You can get it from Cnet, ZDnet, or directly from the Seagull website at .seagullsoftware.com. Steve -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: 3270 Emulator Attachmate Extra + CA-Solve
Hi Mike, Are the spaces missing right when you paste or after you hit an AID key to send the pasted data to the host and the host has rewritten the screen? Pasting into an emulator is a local function that does not show up on a trace until the screen is updated by the host. A trace of the data sent to solve would show you whether the spaces between words are space characters or nulls and might give you some idea of what the problem is. Steve Bireley Seagull Software www.seagullsoftware.com -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Mike Baker Sent: Friday, April 28, 2006 5:25 AM To: IBM-MAIN@BAMA.UA.EDU Subject: 3270 Emulator Attachmate Extra + CA-Solve Hi, We have a problem with Attachmate Extra's ability to handle spaces, but the problem only happens when cutting and pasting text in the CA problem management tool called SOLVE. Here is what happens:- I'll copy some text (from inside SOLVE), and then paste it, and all of the spaces disappear and the words will all be scrunched together. Hence you need to waste time spacing them all out (again). However, Attachmate Extra works just fine when working inside TSO/ISPF, or in any of our other mainframe applications (ie: CICS, IMS, etc). The spaces are preserved (as is to be expected). I've tried changing the Edit Setting for the Cut/Clear Filler option, to say Replace with spaces, and it does not make any difference. However, when we use a different 3270 Emulator, then there is no problem. Emulators which do not have this problem include IBM eNetwork Personal Communications, and also Host on Demand. Sorry, but I cannot say what version Extra we're running, as I'm posting this message from home and using the IBM emulator, not Extra. Does anyone have any idea what's going wrong with EXTRA, and how perhaps to fix this (time-wasting) problem?? All suggestions appreciated. Thanks very much. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Seagull's Bluezone problem
Hi Frank, You should not need admin rights to run BlueZone. It may be a setting in the Setup.ini that allows you to force all users setting into the HKLM key in the registry. This is an optional mode that allows multiple users on the same machine to share some settings. Or, it could also be that the Web-to-Host control is set to ActiveX and the User's profile is not permitted to run ActiveX. Feel free to email me off the list and I can help you. Best Regards, Steve Bireley Vice President Product Development Seagull Software [EMAIL PROTECTED] -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Howard Brazee Sent: Montag, 30. Januar 2006 11:46 To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Seagull's Bluezone problem On 30 Jan 2006 08:23:55 -0800, [EMAIL PROTECTED] wrote: I can make them a local administrator, and they can log in. Bluezone installs something, and all works well. I then remove their local administrator rights, and it doesn't work again. I don't have administrator rights and I used Bluezone with W2K and now with WXP.I don't know what rights I have though. (I had to have a PC person log my computer in as administrator today to set HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Control\ContentIndex to 1 so that Windows search works correctly). -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 Emulator
Howard and Tom, When BlueZone is deployed via a web server, the desktop icon is configured and controlled by the administrator. It is typically created to provide a mechanism to launch BlueZone sessions in the event that the web server is unavailable. If the web server cannot be contacted, the Session Manager interface pops up, allowing you to run previously saved BlueZone sessions. One of the big objections to Web-to-Host deployment is the reliance on Windows-based web servers that might not be quite as reliable as the mainframe TN3270E server. This feature eliminates that issue. I cannot tell if that is how you are configured without looking at a client system or the server side installation. Feel free to email me off of the list if you would like more detailed information. Best Regards, Steve Bireley Vice-President Product Development Seagull Software www.seagullsoftware.com [EMAIL PROTECTED] -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Howard Brazee Sent: Tuesday, October 18, 2005 9:08 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: TN3270 Emulator On Mon, 17 Oct 2005 21:03:40 -0500, Tom Longfellow [EMAIL PROTECTED] wrote: I just got through configuring Bluezone Web to Host. I saw an option for whether to create those Windows Desktop icons. The default is to create them, but it looks like it could be turned off. Is that a client side setting or a server side? I looked for that setting on my client settings and did not find it. Help shows me: The BlueZone Session Manager provides a graphical environment for the purpose of viewing and managing BlueZone emulation client sessions. BlueZone Session Manager can be used to launch pre-configured sessions, create new sessions, delete sessions and create desktop icons. BlueZone Session Manager can be automatically installed with BlueZone Desktop. During the BlueZone Desktop installation, you can choose whether or not you want Session Manager to start automatically with Windows. This feature is controlled by the BlueZone Administrator. Looks like it might not be a user option. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: 3290 datastream question
I agree that it is always better to use the IBM docs and hardware as the reference. There is enough information in them to write a complete 3290 emulation. In response to Shmuel's questions... We implemented split and vsplit for a customer who was being forced (in the name of progress ; )) to give up his real 3290 terminal. Our goal was to support 62 x 160, split and vsplit. BlueZone already had support for Explicit Partitions, Graphics, Programmed Symbols, Extended Attributes, etc. I am not sure how some of those non-3290 features would work in split and vsplit modes. If you have any specific questions about it, feel free to contact me off line. Charles Mills brings up a good point about intellectual properly rights. I have no authority to approve the reverse engineering of anything. I am not a lawyer and cannot render an opinion on what the language in any click-wrap agreement actually means. It is always better to err on the side of caution. All statements and opinions I post are my own and not the company's. Steve Bireley -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Secure FTP on the Mainframe
Howard Rifkind wrote. Howard Rifkind [EMAIL PROTECTED] wrote:We would like to install Secure FTP in our maiframes TCP/IP configuration and I have no idea how to do this. Would some one be kind enough to point me in the right direction where to start and what manuals to check out, and what to be aware of. I'm not really prime time with TCP/IP. Thanks. Howard, Something to be aware of when using SSL/TLS with FTP is how these sessions will make it through a firewall. If your users will be coming through the Internet to your mainframe FTP server, you may have some difficulty unless you plan for it up front. The FTP protocol requires two connections, a Control connection and a Data connection. Normally, a firewall scans the data on the control port looking for the PASV response from the server that tells the client how to connect the data port. Since the data stream is encrypted, the firewall cannot get this information. This issue is further compounded when you add Network Address Translation in the firewall. To handle the first case, your FTP server must be able to define a narrow range of ports that it will assign as data ports for the data connection. This can be one or more ports. These ports must then be open on the firewall. The PASV response from the host will contain the IP address and port the client to which the client will connect the data port. The firewall will have an open range of ports to accommodate the data connection. If NAT it enabled in the firewall, then the FTP server will send back its true IP address and port, in the PASV response, rather than the public IP address and port. Since the firewall cannot see the PASV response, it cannot fix it on way as it does with clear text FTP. To get around this, some FTP clients and servers support EPSV rather than PASV. In this case, the FTP server only returns the port number and the client assumes the IP address to be the same as the control port. In other cases, the FTP client can be configured to always connect the data connection to the same IP as the control connection. Both of these situations can be handled using a Secure FTP Proxy server that sits in front of a non secure FTP server. Good Luck! Steve Bireley Vice-President Product Development Seagull Software www.seagullsoftware.com Seagull Free FTP BlueZone Secure FTP BlueZone Terminal Emulation Seagull Security Server -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Trying to get FTP SSL going.
Hal, Are you using both the IBM Z/OS client and server? We have been doing a lot of testing the last few days with 1.4. Some things have changed since 1.3 including the TLS negotiation. Following the Auth TLS, the client should send PROT P and PBSZ 0 to complete the negotiation. The 1.4 client does not send the last two items by default, which can cause problems with RFC compliant FTP servers. We have gotten the 1.4 client to work with our SSL FTP proxy by making changes to the client configuration in both TSO and Batch mode. I will see if I can get more info for you. -Steve Bireley Seagull Software -Original Message- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html