Ah, maybe he was going on this or something similar, and it got garbled in translation:
https://www.ibm.com/support/pages/zos-communications-server-tls-needed-implement-tls-v12 First Horizon Bank Mainframe Technical Support -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Jackson, Rob Sent: Tuesday, June 30, 2020 1:31 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [Originated Externally]Re: AT-TLS ? Very Basic Questions [External Email. Exercise caution when clicking links or opening attachments.] My turn to say interesting! I didn't look it up; just going on what the Comm guy assured me. We're still on 2.2 (shortly on to 2.4), so maybe that makes a difference. First Horizon Bank Mainframe Technical Support -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Lennie Dymoke-Bradshaw Sent: Tuesday, June 30, 2020 1:18 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Very Basic Questions [External Email. Exercise caution when clicking links or opening attachments.] I have TLS 1.2 working in my TN3270 server without AT-TLS. This is on z/OS 2.3 Lennie Dymoke-Bradshaw Consultant working on contract for BMC Mainframe Services by RSM Partners ‘Dance like no one is watching. Encrypt like everyone is.’ -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Jackson, Rob Sent: 30 June 2020 18:10 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [IBM-MAIN] AT-TLS ? Very Basic Questions A note, without addressing your entire post (certainly not my area of expertise): AT-TLS is required for TN3270 (and others) if you want to use TLS 1.2 and higher. In your TELNETPARMS for the port, instead of using SECUREPORT, you use TTLSPORT, referencing a port specified in a TTLSRule in AT-TLS. First Horizon Bank Mainframe Technical Support -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Tom Brennan Sent: Tuesday, June 30, 2020 12:58 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Very Basic Questions [External Email. Exercise caution when clicking links or opening attachments.] I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar last week, but I'm still missing what I imagine are important background points. Maybe someone here can explain things, but don't worry too much about it. Client and server programs like SSH/SSHD call programs such as OpenSSL to handle the encryption handshake and processing. So when you set those up, there is no AT-TLS needed for encryption. Same with the TN3270 server and client, as long as you set that up with keys and parameters on the host side, and settings on the client side. I'm thinking because of the name "Application Transparent" that AT-TLS was made for programs that DON'T have their own logic to call OpenSSL (or whatever) to do their own encryption. Let's use clear-text FTP as an example. So somehow, AT-TLS hooks into the processing and provides an encrypted "tunnel", kind of like VPN does, but only for that one application. Does that sound correct? If so, then the encryption is "transparent" to the FTP server code and FTP does not need to be changed, which I think is the whole idea here. Yet we now have an encrypted session. Does that sound correct? Then if so, what happens on the FTP client side? I certainly can't use the Windows FTP command, for example, because it's not setup for any kind of encryption. That's kind of my big question here. On 6/30/2020 1:44 AM, Lionel B Dyck wrote: > Sweet - thank you > > > Lionel B. Dyck <sdg>< > Website: https://www.lbdsoftware.com > > "Worry more about your character than your reputation. Character is > what you are, reputation merely what others think you are." - John > Wooden > > -----Original Message----- > From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On > Behalf Of kekronbekron > Sent: Tuesday, June 30, 2020 2:34 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: AT-TLS ? > > Hi LBD!, > > Check these out- > > > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416 > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415 > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414 > > - KB > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > On Monday, June 29, 2020 3:56 AM, Lionel B Dyck <lbd...@gmail.com> wrote: > >> Anyone have any pointers for configuring AT-TLS on z/OS? >> >> Lionel B. Dyck <sdg>< >> Website: https://www.lbdsoftware.com https://www.lbdsoftware.com >> >> "Worry more about your character than your reputation. Character is >> what you are, reputation merely what others think you are." - John >> Wooden >> >> >> --------------------------------------------------------------------- >> - >> --------------------------------------------------------------------- >> - >> ----- >> >> For IBM-MAIN subscribe / signoff / archive access instructions, send >> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN Confidentiality notice: This e-mail message, including any attachments, may contain legally privileged and/or confidential information. If you are not the intended recipient(s), or the employee or agent responsible for delivery of this message to the intended recipient(s), you are hereby notified that any dissemination, distribution, or copying of this e-mail message is strictly prohibited. If you have received this message in error, please immediately notify the sender and delete this e-mail message from your computer. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
