You are not correct. You can make SSL optional and therefore clear if it is not used, if the connection is secure, all data (including Userid/password) is encrypted.
Dave Gibney Information Technology Services Washington State University > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of John Mattson > Sent: Tuesday, August 25, 2009 12:33 PM > To: [email protected] > Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable > > Am I correct in that SSL sends UID and Passwords in the clear, but SSH > does not? > Do not PCI and JSOX require these to be encrypted? > > > > > "Gibney, Dave" <[email protected]> > Sent by: IBM Mainframe Discussion List <[email protected]> > 08/25/2009 11:29 AM > Please respond to > IBM Mainframe Discussion List <[email protected]> > Expire Date: 08/25/2011 > > > To > [email protected] > cc > > Subject > Re: Need new 3270 emulator: SSH, inexpensive, reliable > > > > > > I'm not an encryption expert, but I seriously doubt SSH (which has > always seemed flakey to me) is more secure than SSL. > > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
