Date: Wed, 1 Dec 2010 17:10:41 -0500
From: alan_altm...@us.ibm.com
Subject: Re: z/VM 6.1, SSLSERV Question
To: IBMVM@LISTSERV.UARK.EDU
snip
Btw, I don't see very much pressure being placed on z/VM to provide
client-side TLS support for homegrown RxSocket or Pipeline apps. I see
On Thursday, 12/02/2010 at 08:15 EST, Mark Wheeler
mwheele...@hotmail.com wrote:
It would be nice if UFT(D) would support it.
RFC 1440 does not define a mechanism for the UFT client and server to
negotiate and initiate TLS. A new RFC is needed. (Note that the IETF now
requires protocols to
System
[mailto:ib...@listserv.uark.edu] On Behalf Of Alan Altmark
Sent: Wednesday, December 01, 2010 6:53 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: z/VM 6.1, SSLSERV Question
On Tuesday, 11/30/2010 at 06:39 EST, Schuh, Richard
rsc...@visa.com
wrote:
We have a person who is trying
Yep. A new RFC is needed. The original author has been saying that for ten
years, has asked for collaborators, and is still open.
The original design intentionally left compression and encryption out of
scope. The advent of SSL suggests that was probably a good choice. ZIP has
been around
On Thursday, 12/02/2010 at 09:32 EST, Richard Troth vmcow...@gmail.com
wrote:
RXSSL comes to mind. As it happens, a couple of us were discussing
RXSSL
off-list within the past day. Seems that it may need some attention to
get it
working with the new VM SSL.
As I'm sure you have
Alan Altmark alan_altm...@us.ibm.com wrote :-
I would have thought that everyone's IT host network security
departments would be turning the screws on unencrypted and
unauthenticated
transmission to/from VM of any sensitive data and/or passwords. (You
mean you let MAINT's password flow
On Thursday, 12/02/2010 at 10:08 EST, Richard Troth vmcow...@gmail.com
wrote:
The bottom line for UFT is to do over TCP what RSCS does over
CTC/VTAM/NJE, but
not in the way NJE/IP does. (Of course, it might be a good hint to the
present
NJE/IP authors and owners to create a UFT driver
No.
Look again.
There is an important topological difference between UFT and NJE-IP.
UFT is just another IP protocol (one that looks more like RSCS than, say,
FTP). Your network topology does not change.
While NJE-over-IP is a network-on-a-network. Full-blown RSCS, but with a
whole raft of
Of Alan Altmark
Sent: Wednesday, December 01, 2010 2:11 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: z/VM 6.1, SSLSERV Question
On Wednesday, 12/01/2010 at 11:43 EST, Schuh, Richard
rsc...@visa.com
wrote:
Thanks for the reply, Alan. So it is not possible using
RXSOCKET. Is
it possible
What command are you issuing on the CMS client?
Alan Ackerman
as a secure port. He has
traced
the SSLSERV and sees no traffic going through it; however, the
connection to
TPF is made and it is not secure. The ASSORTEDPARMS are coded as:
ASSORTEDPARMS
SECURELOCAL
PROXYARP
IGNOREREDIRECT
FREELOWPORTS
ENDASSORTEDPARMS
What is the magic
...@listserv.uark.edu] On Behalf Of Alan Altmark
Sent: Wednesday, December 01, 2010 6:53 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: z/VM 6.1, SSLSERV Question
On Tuesday, 11/30/2010 at 06:39 EST, Schuh, Richard
rsc...@visa.com
wrote:
We have a person who is trying to get a secure end-to-end
On Wednesday, 12/01/2010 at 11:43 EST, Schuh, Richard rsc...@visa.com
wrote:
Thanks for the reply, Alan. So it is not possible using RXSOCKET. Is it
possible from a CMS client running a home-grown assembler or Pipelines
program,
or is it a lost cause?
A lost cause, I would say.
We have a person who is trying to get a secure end-to-end transaction between a
CMS client and a TPF host. RXSOCKET is being used by the CMS client. The port
specified is 51105, which has been designated as a secure port. He has traced
the SSLSERV and sees no traffic going through it; however
On Friday, 10/23/2009 at 05:55 EDT, Marcy Cortes
marcy.d.cor...@wellsfargo.com wrote:
I finally got SSLESRV working on 5.4 with our CA. Yay!
Now.. If I have more than one TCPIP stack on a system, say TCPIP and
TCPIP2. I
figure I'll need an SSLSERV and an SSLSERV2.
But can they share /etc
Hi Marcy,
Your supposition about needing distinct SSL server virtual machines for e
ach
stack is correct.
But can they share /etc/gskadm/Database.kdb ? I can't see why not.
Yes, the various SSL servers all can share the same key database.
And.. If I've done that, can they use the same cert?
Cibula
Sent: Saturday, October 24, 2009 11:07 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: [IBMVM] Question on SSLSERV and multiple stacks
Hi Marcy,
Your supposition about needing distinct SSL server virtual machines for e=
ach
stack is correct.
But can they share /etc/gskadm/Database.kdb ? I can't
I finally got SSLESRV working on 5.4 with our CA. Yay!
Now.. If I have more than one TCPIP stack on a system, say TCPIP and TCPIP2. I
figure I'll need an SSLSERV and an SSLSERV2.
But can they share /etc/gskadm/Database.kdb ? I can't see why not.
And.. If I've done that, can they use the same
SSLSERV gets this when I try to connect:
DTCSSL022E Handshake failed: rc: 428 reason: Key entry does not contain a
private key
I used Option 5 to import it.
The error code says this. (The codes are in the z/os manual so what they tell
me to do is rather z/os'y)
428
Key entry does
Marcy,
If I remember right I had the same problem when I did it back in
Janurary.. If memory serves, the problem is that the export/import
function of SSLSERV doesn't work.. There may be a PTF to fix it, I don't
know.. I had to do one of the 'create' options..
-Original Message-
From
On Tuesday, 08/04/2009 at 11:36 EDT, Marcy Cortes
marcy.d.cor...@wellsfargo.com wrote:
SSLSERV gets this when I try to connect:
DTCSSL022E Handshake failed: rc: 428 reason: Key entry does not contain
a
private key
I used Option 5 to import it.
Option 5 doesn't import certificates
, August 04, 2009 9:37 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: [IBMVM] SSL DTCSSL022E message on SSLSERV
On Tuesday, 08/04/2009 at 11:36 EDT, Marcy Cortes
marcy.d.cor...@wellsfargo.com wrote:
SSLSERV gets this when I try to connect:
DTCSSL022E Handshake failed: rc: 428 reason: Key entry
On Tuesday, 08/04/2009 at 12:45 EDT, Marcy Cortes
marcy.d.cor...@wellsfargo.com wrote:
Wrong words.
I used option 4 to create the CSR. Took that to the CMS (Certificate
Management System) and used for the request.
Once I got it, I used option 5 to receive it. I had used option 7 to
...@listserv.uark.edu] On Behalf
Of Marcy Cortes
Sent: Tuesday, August 04, 2009 09:45
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: [IBMVM] SSL DTCSSL022E message on SSLSERV
That's exactly how I did it too - our Cert Authority sounds similar; the root
cert and the intermediate cert were sep files
[mailto:ib...@listserv.uark.edu] On Behalf
Of Alan Altmark
Sent: Tuesday, August 04, 2009 10:15 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: [IBMVM] SSL DTCSSL022E message on SSLSERV
On Tuesday, 08/04/2009 at 12:45 EDT, Marcy Cortes
marcy.d.cor...@wellsfargo.com wrote:
Wrong words.
I used
This message is in our SSLSERV start up console log and its not in the
manual:
MSG FROM TCPIP : Restarting you because you have no passive open on
TCP port
The following line is present in the TCPIP TCPIP file used to startup
the TCPIP service machine and is in the port reservation
I'd started with $100 million. -- Jon Stewart
From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On
Behalf Of Hughes, Jim
Sent: Tuesday, May 19, 2009 09:54
To: IBMVM@LISTSERV.UARK.EDU
Subject: [IBMVM] Z/VM SSLSERV Question
This message is in our SSLSERV start up console log
cc
Sent by: The IBM
z/VM OperatingSubject
SystemRe: Z/VM SSLSERV Question
: Friday, March 20, 2009 4:48 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: New CMS based SSLSERV problem... DTCSSL300E
On Wed, 18 Mar 2009 10:53:08 -0400, Alan Altmark alan_altm...@us.ibm.com
wrote:
On Wednesday, 03/18/2009 at 09:49 EDT, Mrohs, Ray
ray.mr...@usdoj.gov
wrote:
This is slightly off
.edu wrote:
I have a dumb question and a long posting. Sorry. We have SSLSERV working
on our 2nd lvl z/VM 5.4 system, the one I loaded from the IBM DDR. I always
bring up a new release on a 2nd level id and then move code piece by piece
to our production systems. Almost everything is mo
2009/3/30 Jim Bohnsack jab...@cornell.edu:
On my 2nd level system installed from the IBM ddr and then the SSL PTF, when
I try what Richard suggested, I get the following:
ls -la
/etc
Erwxrwxrwx 1 maintsystem21 Oct 2 15:55 /etc -
/../VMBFS:VMSYSU:E
TC
$
Is that normal?
On 3/22/09 3:31 PM, Alan Altmark alan_altm...@us.ibm.com wrote:
Sorry, David, that would just make things worse since we'd keep shipping a
new CONFIG filepool in each release as we do with VMSYS and VMSYSU, and
then there would be two *global* CONFIG filepools in the collection. Two
objects
On Friday, 03/20/2009 at 09:29 EDT, Jim Bohnsack jab...@cornell.edu
wrote:
Thank you all for your responses. It sounds as if it is as I suspected,
a total lack of knowledge about BSF and almost as much of a lack of
knowledge about SFS. It might be a good idea to include some of these
You might find it worth the effort to create your own SFS filepool
so that
release-to-release migrations don't create a disruption since you
have to
actually migrate VMSYS content. With your own global filepool,
your 2nd
level system can down to the 1st level system (via TSAF) to
On Sunday, 03/22/2009 at 03:17 EDT, David Boyes dbo...@sinenomine.net
wrote:
Sounds like a good practice for the next release. Call it CONFIG or
something like that, and fix the apps like DFSMS to put their config
files there by default.
Sorry, David, that would just make things worse since
In this new redbook we do indeed recommend to create a special
filepool as storage space for the certificates and the LDAP databases,
this to avoid problems with release migrations. The principle:
customer data in your filepool; software in IBM's VMSYS. This is
definitely not the way things are
On Friday, 03/20/2009 at 05:48 EDT, Alan Ackerman
alan.acker...@earthlink.net wrote:
We have a problem with QWS3270. In 5.2.0/5.3.0 everything works fine
with
static SSL. In 5.4.0, QWS3270 prompts me for a certificate password. I
provide one and everything works, but it sure slows me down.
Seeking for some brief SFS/BFS overview: a certain DJ, well known
here, might remember I asked him in 1998 to devote a small section of
the VM/ESA Network computing with Java And NetRexx (SG24-5148) Redbook
to it.
I wrote something similar for the upcoming Redbook about password
synchronization
The Redbook Kris is referring to can be found here:
http://www.redbooks.ibm.com/abstracts/sg245148.html?Open. There is an overview
of BFS is
Chapter 2.
Another Redbook that might be of interest is OpenEdition for VM/ESA A
Implementation and
Administration Guide
Hi Dennis,
What you want to do (augment an existing tag value) can't be done using j
ust
DTCPARMS-defined tags and values, because (for a given :type.server and
:type.class pairing) any tag present in the 'server' entry overrides any
same-named tag that exists in the corresponding 'class' entry
I have a dumb question and a long posting. Sorry. We have SSLSERV
working on our 2nd lvl z/VM 5.4 system, the one I loaded from the IBM
DDR. I always bring up a new release on a 2nd level id and then move
code piece by piece to our production systems. Almost everything is
moved, but I am
Jim,
Did you enroll the ROOT, SSLSERV, and GSKSSLDB BFS filespaces in your
SFS server? Did you create the objects that go in those filespaces?
Take a look at your starter system to see what they should look like. I
did my z/VM 5.4.0 upgrade by rotating in a new sysres set, so all that
was done
-Original Message-
From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On
Behalf Of Mark Cibula
Sent: Friday, March 20, 2009 06:53
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: [IBMVM] New CMS based SSLSERV problem... DTCSSL300E
Hi Dennis,
What you want to do (augment an existing tag
On Friday, 03/20/2009 at 01:13 EDT, Jim Bohnsack jab...@cornell.edu
wrote:
I have a dumb question and a long posting. Sorry. We have SSLSERV
working on our 2nd lvl z/VM 5.4 system, the one I loaded from the IBM
DDR. I always bring up a new release on a 2nd level id and then move
code piece
typically be empty.)
And, of course, all this stuff is CaSe SeNsItIvE.
I hope this helps.
-- R;
On Fri, Mar 20, 2009 at 1:12 PM, Jim Bohnsack jab...@cornell.edu wrote:
I have a dumb question and a long posting. Sorry. We have SSLSERV working
on our 2nd lvl z/VM 5.4 system, the one I
On Wed, 18 Mar 2009 10:53:08 -0400, Alan Altmark alan_altm...@us.ibm.com
wrote:
On Wednesday, 03/18/2009 at 09:49 EDT, Mrohs, Ray ray.mr...@usdoj.gov
wrote:
This is slightly off-topic but if anyone has the 5.4 SSLSERV running
with the Rumba or WRQ Reflection 3270 emulator, please contact me
Thank you all for your responses. It sounds as if it is as I suspected,
a total lack of knowledge about BSF and almost as much of a lack of
knowledge about SFS. It might be a good idea to include some of these
SFS/BFS peculiar hints or ideas in the TCPIP doc, especially for the VM
newbie (as
Thanks Alan. Unfortunately our site is standardized on the Rumba client,
and the centrally managed upgrades happen once a blue moon. It looks
like it might be a while before we can utilize the new SSLSERV, even
under the best circumstances.
Is there a list of clients that have been tested
Mrohs, Ray writes:
Thanks Alan. Unfortunately our site is standardized on the Rumba client,
and the centrally managed upgrades happen once a blue moon. It looks
like it might be a while before we can utilize the new SSLSERV, even
under the best circumstances.
Is there a list of clients
On Thursday, 03/19/2009 at 08:39 EDT, Mrohs, Ray ray.mr...@usdoj.gov
wrote:
Thanks Alan. Unfortunately our site is standardized on the Rumba client,
and the centrally managed upgrades happen once a blue moon. It looks
like it might be a while before we can utilize the new SSLSERV, even
under
be a while before we can utilize the new SSLSERV, even
under the best circumstances.
Is there a list of clients that have been tested and work?
- IBM Personal Communications 5.9 works
- Seagull's BlueZone works
- x3270 works
- wc3270 (Windows version of x3270) works
- Zephyr Passport works
- IBM Host
...@listserv.uark.edu] On
Behalf Of Alan Altmark
Sent: Thursday, March 19, 2009 6:58 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: [IBMVM] New CMS based SSLSERV problem... DTCSSL300E
On Thursday, 03/19/2009 at 08:39 EDT, Mrohs, Ray ray.mr...@usdoj.gov
wrote:
Thanks Alan. Unfortunately our site is standardized
. Unfortunately our site is standardized on the Rumba client,
and the centrally managed upgrades happen once a blue moon. It looks
like it might be a while before we can utilize the new SSLSERV, even
under the best circumstances.
Is there a list of clients that have been tested and work?
- IBM Personal
I have tested the following with Telnet TLS and z/VM on 5.4.
c3270 - Curses based x3270. Basically shell 3270.
tn3270 - Version 3.2.2 with the additional SSL / SSH license.
Seems to work good. I am a little concerned about the SSLSERVE overhead but no
way to really tell at this point as z/vm 5.4
Of Mark Cibula
Sent: Monday, March 16, 2009 15:11
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: [IBMVM] New CMS based SSLSERV problem... DTCSSL300E
Dennis (and Mark W) --
Apologies for the somewhat duplicate posting - ran into a browser
timeout
whilst putting my posting together.. I would like
On Thursday, 03/19/2009 at 04:23 EDT, O'Brien, Dennis L
dennis.l.o'br...@bankofamerica.com wrote:
Mark C,
Thanks. I implemented your suggestion, and it works fine. Am I correct
that whatever file I end up putting the :parms. tag in, I need to put
all the parameters of :parms. there? We
Operating System [mailto:ib...@listserv.uark.edu] On Behalf
Of Alan Altmark
Sent: Thursday, March 19, 2009 2:25 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: New CMS based SSLSERV problem... DTCSSL300E
On Thursday, 03/19/2009 at 04:23 EDT, O'Brien, Dennis L
dennis.l.o'br...@bankofamerica.com wrote
This is slightly off-topic but if anyone has the 5.4 SSLSERV running
with the Rumba or WRQ Reflection 3270 emulator, please contact me
offline. Thanks.
Ray Mrohs
U.S. Department of Justice
202-307-6896
-Original Message-
From: The IBM z/VM Operating System [mailto:ib
On Wednesday, 03/18/2009 at 09:49 EDT, Mrohs, Ray ray.mr...@usdoj.gov
wrote:
This is slightly off-topic but if anyone has the 5.4 SSLSERV running
with the Rumba or WRQ Reflection 3270 emulator, please contact me
offline. Thanks.
Neither Rumba nor Reflection work correctly. We are working
CMS based SSLSERV problem... DTCSSL300E
Dennis (and Mark W) --
Apologies for the somewhat duplicate posting - ran into a browser timeout
whilst putting my posting together.. I would like to suggest how one can
implement DTCPARMS server customizations (building on Dennis' post) to
better isolate
I'll start by saying that I have already found, read and preformed all tasks on
http://www.vm.ibm.com/related/tcpip/tcsslini.html to no avail.
I'm trying to setup the new CMS based SSLSERV for z/VM 540 RSU 0802, but I keep
getting the exact error mentioned in the link above.
DTCRUN1011I
/Database.kdb
MAXSESSIONS 30
EXEMPT LOW
Your error message is because SSLSERV is not seeing a :mount. tag, so it
doesn't know where to find /etc/gskadm/Database.kdb.
Dennis O'Brien
39,516
/gskadm/Database.kdb
(Note: The 540 GA-level of this file lacks the 'SSLSERV' file space ID fo
r
the '/tmp' mount; commentary in the updated file explains why this needs
to
be included.)
One other customer ran across the errors you cited for this same reason,
but
I've just not had a chance
Dennis (and Mark W) --
Apologies for the somewhat duplicate posting - ran into a browser timeout
whilst putting my posting together.. I would like to suggest how one ca
n
implement DTCPARMS server customizations (building on Dennis' post) to
better isolate them, and to lessen the impact of
I am in the process of building a SSLSERV virtual machine, under z/VM 5.3 SLU
801, using SLES 9 SP3. ONE question is there a Red book for this process…..
_
Want to do more with Windows Live? Learn “10 hidden secrets” from Jamie
@LISTSERV.UARK.EDU
Subject: SSLSERV question
I am in the process of building a SSLSERV virtual machine, under z/VM 5.3 SLU
801, using SLES 9 SP3. ONE question is there a Red book for this process…..
_
Want to do more with Windows Live? Learn “10 hidden secrets” from Jamie. Learn
http
On Tuesday, 02/17/2009 at 01:41 EST, clifford jackson
cliffordjackson...@msn.com wrote:
I am in the process of building a SSLSERV virtual machine, under z/VM
5.3 SLU
801, using SLES 9 SP3. ONE question is there a Red book for this
process?..
No. We tried to make the instructions in the TCP
On Feb 17, 2009, at 4:21 PM, Alan Altmark wrote:
On Tuesday, 02/17/2009 at 01:41 EST, clifford jackson
cliffordjackson...@msn.com wrote:
I am in the process of building a SSLSERV virtual machine, under z/VM
5.3 SLU
801, using SLES 9 SP3. ONE question is there a Red book for this
process
Here's a writeup I put together when I had to do it:
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/e0z1p161/26.1.1?SHELF=DT=20080627173833CASE=
Watch for wrap on that URL.
--
Jay Brenneman
On Friday, 02/06/2009 at 02:46 EST, Huegel, Thomas thue...@kable.com
wrote:
SSLSERV : DTCSSL022E Handshake failed: rc: 440 reason: Incorrect key
usage
Does anyone know what this means?
The message refers one to a z/OS manual but it is very onclear..
especially for
one that doesn't
Thanks Alan, I'll look it some more..
-Original Message-
From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu]on
Behalf Of Alan Altmark
Sent: Monday, February 09, 2009 8:57 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: still messing with sslserv
On Friday, 02/06/2009 at 02
(I'm working up a web page on the ways to manage certificates on z/VM.)
Hi Alan,
A cheat sheet with the basics that folks need to create, import,
export and manage keys and certificates would be a HUGE help. A lot of
shops have never used BFS until now, so just getting up to speed on the
right
On Monday, 02/09/2009 at 01:30 EST, Michael Coffin
michaelcof...@mccci.com wrote:
A cheat sheet with the basics that folks need to create, import,
export and manage keys and certificates would be a HUGE help. A lot of
shops have never used BFS until now, so just getting up to speed on the
-0500
From: alan_altm...@us.ibm.com
Subject: Re: still messing with sslserv
To: IBMVM@LISTSERV.UARK.EDU
_
Windows Live™: E-mail. Chat. Share. Get more ways to connect.
http://windowslive.com/explore?ocid
SSLSERV : DTCSSL022E Handshake failed: rc: 440 reason: Incorrect key usage
Does anyone know what this means?
The message refers one to a z/OS manual but it is very onclear.. especially for
one that doesn't understand SSL to start with.
Thanks
@LISTSERV.UARK.EDU
Date:
01/26/2009 02:01 AM
Subject:
AW: SSLSERV and TN3270
Hello Marci,
could you please tell me which clients really rub with SECURECONNECTION
ALLOWED?
Thank you for help.
With best regards
Eddi Sontowski
Landesamt für Besoldung und Versorgung NRW
mailto: edgar.sontow
Von: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] Im Auftrag
von Marci Beach
Gesendet: Donnerstag, 22. Januar 2009 19:10
An: IBMVM@LISTSERV.UARK.EDU
Betreff: Re: Re; SSLSERV and TN3270
This problem does not happen with all clients so it depends on what
Hello James,
a small hint from my site with using SSLSERV with z/VM 5.4:
Dymamic SSL (TLS) does not run with SECURECONNECTION ALLOWED at this
point of time. We have a PMR open.
The circumvention is SECURECONNECTION PREFERRED or SECURECONNECTION
REQUIRED.
Best regards
Eddi Sontowski
This problem does not happen with all clients so it depends on what client
one is using.
Marci Beach
From:
Sontowski, Edgar (LBV) edgar.sontow...@lbv.nrw.de
To:
IBMVM@LISTSERV.UARK.EDU
Date:
01/22/2009 07:00 AM
Subject:
Re; SSLSERV and TN3270
Hello James, a small hint from
[mailto:ib...@listserv.uark.edu] On Behalf
Of Sterling James
Sent: Tuesday, January 20, 2009 12:03 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: SSLSERV and TN3270
Please consider the environment before printing this email and any attachments.
This e-mail and any
Mark Pace mpac...@gmail.com
I don't know anything about the BlueZone client.
For x3270 on linux you simply add the -L switch when starting an x3270
session. However the x3270 has to have been compiled with SSL support.
I do have the v3.3.8p2 compiled with SSL support. I am trying to setup the
Raymond Noal raymond.n...@hds.com
BlueZone does support SSL connections - you have a choice for SSL V3
from the Security Tab in the Session Configuration = TN3270
Configuration panels.
Thanks Ray,
I have the configuration set for ssl v3( actually tls v1, but same
results).
And the Certificate
On Tuesday, 01/20/2009 at 11:46 EST, Sterling James
ssja...@dstsystems.com wrote:
I do have the v3.3.8p2 compiled with SSL support. I am trying to setup
the
dynamic connection (TELNET START-TLS) vs the static (ssl-tunnel). The
unknowns are how to deal with the certificates/
From
On Tuesday, 01/20/2009 at 12:12 EST, Sterling James
ssja...@dstsystems.com wrote:
Raymond Noal raymond.n...@hds.com
BlueZone does support SSL connections - you have a choice for SSL V3
from the Security Tab in the Session Configuration = TN3270
Configuration panels.
Thanks Ray,
I have the
Hello,
I'm trying to get TN3270 sessions to use SSL/TLS-protected communications.
I have the static SSL Connections (PERFSVM web) working. I am trying
to get Window's BlueZone client to attach to VM54 with SSL (then x3270 on
linux would be next) . If someone has accomplished this and would
I don't know anything about the BlueZone client.
For x3270 on linux you simply add the -L switch when starting an x3270
session. However the x3270 has to have been compiled with SSL support.
On Fri, Jan 16, 2009 at 12:27 PM, Sterling James ssja...@dstsystems.comwrote:
Hello,
I'm trying to
: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On
Behalf Of Sterling James
Sent: Friday, January 16, 2009 9:27 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: SSLSERV and TN3270
Please consider the environment before printing this email and any
attachments
Hello,
I'm trying to get TN3270 sessions to use SSL/TLS-protected communications. I
have the static SSL Connections (PERFSVM web) working. I am trying to get
Window's BlueZone client to attach to VM54 with SSL (then x3270 on linux would
be next) . If someone has accomplished this and would
Greetings,
In the light of the restriction of 128 concurrent secured sessions on a
system, can one (I) utilise more than one SSL server, and what mechanism can be
used to have one server or the other service the connection?
Thanks.
Suleiman Shahin
One SSLSERV per stack, but you can have multiple stacks each with their
own IP address. When I get maintenance for TCPIP, it goes on a TCPTEST
server with its own SSLTEST server, different IP address but I can get
to the same system.
/Tom Kern
Suleiman Shahin wrote:
Greetings,
In the light
Now I see light -:) Thanks.
Suleiman Shahin
Date: Tue, 18 Nov 2008 13:13:31 -0500
From: [EMAIL PROTECTED]
Subject: Re: SSLSERV
To: IBMVM@LISTSERV.UARK.EDU
One SSLSERV per stack, but you can have multiple stacks each with their
own IP address. When I get maintenance for TCPIP
More light coming -:) Thanks so much.
Suleiman Shahin
Date: Tue, 18 Nov 2008 13:53:44 -0500
From: [EMAIL PROTECTED]
Subject: Re: SSLSERV
To: IBMVM@LISTSERV.UARK.EDU
Re: SSLSERV
One per TCPIP stack. You need to use some kind of connection distribution
outside the VM stack to manage
, November 18, 2008 1:18 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: SSLSERV
More light coming -:) Thanks so much.
Suleiman Shahin
_
Date: Tue, 18 Nov 2008 13:53:44 -0500
From: [EMAIL PROTECTED]
Subject: Re: SSLSERV
To: IBMVM@LISTSERV.UARK.EDU
One per TCPIP stack. You need to use some
On Tuesday, 11/18/2008 at 02:51 EST, Huegel, Thomas [EMAIL PROTECTED]
wrote:
Has anyone seen specs for the new CMS based SSL that will be available
next
month for 5.4 (maybe earlier releases too)
Will it support more than 128 connections?
Yes. :-)
Alan Altmark
z/VM Development
IBM
@LISTSERV.UARK.EDU
Subject: Re: SSLSERV
On Tuesday, 11/18/2008 at 02:51 EST, Huegel, Thomas
[EMAIL PROTECTED]
wrote:
Has anyone seen specs for the new CMS based SSL that will be
available
next
month for 5.4 (maybe earlier releases too) Will it
support more
than 128 connections?
Yes
On Tuesday, 11/18/2008 at 03:06 EST, Schuh, Richard [EMAIL PROTECTED]
wrote:
Yes, you have seen the specs or Yes, it will support more than 128
connections?
Yes, I have seen the specs. Yes, it will support more than 128
connections.
Alan Altmark
z/VM Development
IBM Endicott
On Friday, 10/19/2007 at 08:06 EDT, Alan Ackerman
[EMAIL PROTECTED] wrote:
What I see is:
Error 0x800b0109 (CERT_E_UNTRUSTEDROOT) returned by
CertVerifyCertificateChainPolicy!
Connected to 171.177.29.52 port 6443
from 171.184.0.226 port 2027
...
The error is because we are using a
On Thu, 18 Oct 2007 17:54:32 -0400, Alan Altmark [EMAIL PROTECTED]
wrote:
On Thursday, 10/18/2007 at 04:07 EDT, Alan Ackerman
[EMAIL PROTECTED] wrote:
We don't have PCOMM, but QWS3270 Secure, so I don't know what our
situation will be. [re: Resumed SSL sessions]
If you get a trace (e.g.
On Thu, 18 Oct 2007 19:31:16 -0400, Steve Bireley
[EMAIL PROTECTED] wrote:
Hi Alan,
For telnet, the SSL session resume is insignificant since the sessions
last so long. Further, interactive sessions typically result in very
little traffic because users type slowly and the 3270 datastream is
transfer results in the data port being opened and closed. Man
y
small files being transferred should use more CPU than one large file
being transferred. I am not sure if SSLServ supports session caching
(reuse of the session keys) to lessen the CPU impact of the key exchange,
or if the FTP
1 - 100 of 135 matches
Mail list logo