On 5/12/2021 1:51 PM, Dave Jousma wrote:
We are still broke since the 5/1 TLSv1.2 cutover on your end. We are assuming
its a problem on our end. We do have ticket open with ATTLS support group at
IBM.
We do have HTTPS service working, but continue to pursue, as not sure if
On 5/13/2021 8:54 AM, Michael Babcock wrote:
Oh, and the AT-TLS error was 402.
BPXF024I (STSYSLOG) May 12 20:26:41 X/TCPIP TCPIP 256
TTLS[280]: 15:26:41 TCPIP EZD1286I TTLS Error GRPID: 0017
ENVID: 008B CONNID: C6AD LOCAL: xxx.xxx.xxx.xxx..7199 REMOTE:
170.225.15.117..21
Oh, and the AT-TLS error was 402.
BPXF024I (STSYSLOG) May 12 20:26:41 X/TCPIP TCPIP 256
TTLS[280]: 15:26:41 TCPIP EZD1286I TTLS Error GRPID: 0017
ENVID: 008B CONNID: C6AD LOCAL: xxx.xxx.xxx.xxx..7199 REMOTE:
170.225.15.117..21 JOBNAME: RECV USERID: RULE:
Kurt,
Unless I'm doing something wrong, my testing does not bear that out.
The only cipher in the list was:
# Allow only AES ciphers
V3CipherSuites TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
PAGENT was refreshed. Here’s the DEBUG ALL output.
SC0588 initConnection: Calling getaddrinfo()
>This was confirmed by an individual that supports the server. The
>ciphers mentioned on the IBM Support page are a subset of the ciphers
>actually enabled.
>https://www.ibm.com/support/pages/node/6417233
>I hope this helps. Is anyone still having trouble connecting?
>Kurt Quackenbush --
On 5/10/2021 4:57 PM, Michael Babcock wrote:
I did some testing on our sandbox (I commented out all ciphers except the
one I was interested in and refreshed policy agent) and here’s what I found.
The ECDHE ciphers were rejected but the TLS_RSA_WITH_AES_256_CBC_SHA did
work (I didn’t try the
ftp_client_ciphers
> > {
> > # Sample ciphers. Should be customized!
> > V3CipherSuitesTLS_RSA_WITH_AES_256_CBC_SHA
> > V3CipherSuitesTLS_RSA_WITH_3DES_EDE_CBC_SHA
> > V3CipherSuites
:58 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SMPE Receive Order post May 1st
[[ SEI WARNING *** This email was sent from an external source. Do not open
attachments or click on links from unknown or suspicious senders. *** ]]
I would highly discourage the use of the ciphers listed. I would
Nevermind, found this in the latest book
*TLSMECHANISM*
Use this statement to specify whether TLS is implemented by AT-TLS or by
FTP.*ATTLS indicates TLS processing is performed by AT-TLS, and must be
specified in order to support TLS 1.2 which is required by IBM's download
server.*
On Thu,
What’s the secret decoder ring/handshake to make FTP work? We need
AT-TLS? Or can we make updates to the FTPDATA DD (using TLSMECHANISM FTP)?
On Thu, May 6, 2021 at 7:46 AM Kurt Quackenbush wrote:
> On 5/5/2021 1:13 PM, Dave Jousma wrote:
>
> > ... For some reason we are still struggling.
>
Date: Thursday, 6 May 2021 7:46 AM CDT
Subject: Re: SMPE Receive Order post May 1st
On 5/5/2021 1:13 PM, Dave Jousma wrote:
> ... For some reason we are still struggling.
For anyone still struggling to connect with FTPS to IBM's download
server after the May 1 server update, please, please, PLE
On 5/5/2021 1:13 PM, Dave Jousma wrote:
... For some reason we are still struggling.
For anyone still struggling to connect with FTPS to IBM's download
server after the May 1 server update, please, please, PLEASE consider
telling SMP/E to use HTTPS for the downloads instead of FTPS. It
On 5/5/2021 2:58 PM, Michael Babcock wrote:
I would highly discourage the use of the ciphers listed. I would use
these more secure ciphers (I'm sure there are others that are acceptable).
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Receive Order post May 1st
[[ SEI WARNING *** This email was sent from an external source. Do not open
attachments or click on links from unknown or suspicious senders. *** ]]
Well, for what it's worth, I just tried it and my job was successful,
however, I also received the SSLv23/TLSv1
>Dave,
Here you go:
>##
># #
>
># Secure FTP Application #
>
>#
}
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Dave Jousma
Sent: Wednesday, May 05, 2021 1:13 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: SMPE Receive Order post May 1st
[[ SEI WARNING *** This email was sent from an external source. Do
> Well, for what it's worth, I just tried it and my job was successful,
> however, I also received the SSLv23/TLSv1 messages. So I used the standard
> job that IBM provided (RFNJOBS) and I turned on Debug SEC. Here is what I got
(snip)
Hey Tony, Thanks for this. For some reason we are
helps.
Tony
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Dave Jousma
Sent: Tuesday, May 04, 2021 10:53 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: SMPE Receive Order post May 1st
[[ SEI WARNING *** This email was sent from an external source.
I should have commented that the HTTPS method is working fine. And my last
successful FTPs download was last week Monday April 26th.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to
Anyone ordering maintenance post May 1st using FTPs to download? Here was the
announcement:
As of May 1, 2021, to download files from IBM's secure delivery server using
FTPS, it is necessary to enable TLS 1.2 in the z/OS Communications Server FTP
client program.
So, we've enabled ATTLS via
20 matches
Mail list logo
