Re: FTP TLS options

Frank, Good find! I'm saving this one! BobL -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Frank Swarbrick Sent: Tuesday, April 11, 2017 3:05 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: FTP TLS options [ EXTERNAL ] So o

Re: FTP TLS options

2017 9:24 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: FTP TLS options I'll pass that along to those in charge of such things. :-) Thanks. From: IBM Mainframe Discussion List on behalf of Tom Conley Sent: Monday, April 10, 2017 9:38 PM To: IBM-MAIN@LISTS

Re: FTP TLS options

I'll pass that along to those in charge of such things. :-) Thanks. From: IBM Mainframe Discussion List on behalf of Tom Conley Sent: Monday, April 10, 2017 9:38 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: FTP TLS options On 4/10/2017 7:04 PM,

Re: FTP TLS options

level, but this appears to be what is occurring. From: IBM Mainframe Discussion List on behalf of Gibney, Dave Sent: Monday, April 10, 2017 8:03 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: FTP TLS options I am at z/OS 2.1 and have EXTENSIONS AUTH_TLS TLSRFCLEVEL RF

Re: FTP TLS options

On 4/10/2017 7:04 PM, Frank Swarbrick wrote: I'm guessing there's a bit more to it than that, yes? Such as actually configuring Policy Agent? Frank, Sorry, thought you already configured PAGENT, but missed the PROFILE member, like I did the first time I tried it. If you run z/OSMF, you c

Re: FTP TLS options

LISTSERV.UA.EDU > Subject: Re: FTP TLS options > > Yes. But policy agent is not actually that hard...But on zOS GT 1.13 you need > zOSMF as well. > > Rob Schramm > > On Mon, Apr 10, 2017, 7:05 PM Frank Swarbrick > > wrote: > > > I'm guessing the

Re: FTP TLS options

ing Policy Agent? > > > From: IBM Mainframe Discussion List on behalf > of Tom Conley > Sent: Monday, April 10, 2017 3:46 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: FTP TLS options > > On 4/10/2017 3:15 PM, Frank Swarbrick wrote: > > Hi Mike. > > > >

Re: FTP TLS options

I'm guessing there's a bit more to it than that, yes? Such as actually configuring Policy Agent? From: IBM Mainframe Discussion List on behalf of Tom Conley Sent: Monday, April 10, 2017 3:46 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: FTP TLS opt

Re: FTP TLS options

On 4/10/2017 3:15 PM, Frank Swarbrick wrote: Hi Mike. I assume you mean: TLSMECHANISM ATTLS where the default (which we use) is TLSMECHANISM FTP Unfortunately we don't currently have AT-TLS set up. When I try to use it I get the following: AT-TLS not enabled on TCPCONFIG Does z/OS

Re: FTP TLS options

l 10, 2017 4:10 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: FTP TLS options Frank, You should change to AT-TLS SECURE_MECHANISM ATTLS That will get TLSv1.2 support but just as important will allow you to use newer cipher suites. Many of the older cipher suites supported by the FTP client (or

Re: FTP TLS options

-MAIN@LISTSERV.UA.EDU Subject: Re: FTP TLS options Does z/OS 2.2 support TLS v1.2 for FTP clients without the use of AT-TLS? This new server we have is (currently) configured to support only TLS v1.2, and nothing earlier. We're trying to get approval to "back down" to TLS v1.0, but I

Re: FTP TLS options

this anyway. Frank From: IBM Mainframe Discussion List on behalf of Frank Swarbrick Sent: Friday, April 7, 2017 10:21 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: FTP TLS options We currently use the following options for client connections to an FTPS server: SECURE_MECHANISM TLS

FTP TLS options

We currently use the following options for client connections to an FTPS server: SECURE_MECHANISM TLS ;Use TLS, if supported by server SECURE_DATACONN PRIVATE ;Protect data connection when using TLS KEYRING FTPS/ftpsring ;Key ring for TLS encryption NETRCLEVEL2