Re: Secure TN3270

Mon, 28 Apr 2008 12:56:04 -0700 

        Len,

        Thanks. We do not have hardware encryption co-processors. This
Will be our first SSL/TLS implementation. Our connections will be
internal, so I will try to use the self-signed certificate. I appreciate
the information.

        Bill

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Rugen, Len
Sent: Monday, April 28, 2008 2:40 PM
To: [email protected]
Subject: Re: Secure TN3270

It probably wasn't answered because the manuals pretty much tell you how
to do it.  There are also examples in RedBooks.  I set ours up several
years ago, so I don't remember all the pain involved.  

What may be important is your certificate authority.  If you connections
are internal, then you might get by with a self signed certificate.  If
you have external clients, you may need a commercial certificate.  I had
the most problems getting the certificates into RACF because of some
LRECL/RECFM issues of the imported file. 

It also matters if you have hardware encryption co-processors.  If this
is your first SSL/TLS implementation, that will be the hard part.
Getting TN3270 to use a secure port is pretty easy. 

Our heavy lifting is still done outboard on an obsolete Cisco CIP with
Cisco SSL switches.  When we were out of CPU, it made little sense to
upgrade CPU just to encrypt tn3270 traffic when there were network boxes
sitting there to do the same function for web applications.  That setup
is NOT in the books :-)    


Len Rugen

"In theory, there is no difference between theory and practice. But in
practice, there is." 
- Yogi Berra 

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Reply via email to