In article <> you 
> I've tried to skim some of the AT-TLS doc, and even attended an IBM 
> webinar last week, but I'm still missing what I imagine are important 
> background points.  Maybe someone here can explain things, but don't 
> worry too much about it.

> Client and server programs like SSH/SSHD call programs such as OpenSSL 
> to handle the encryption handshake and processing.  So when you set 
> those up, there is no AT-TLS needed for encryption.  Same with the 
> TN3270 server and client, as long as you set that up with keys and 
> parameters on the host side, and settings on the client side.

> I'm thinking because of the name "Application Transparent" that AT-TLS 
> was made for programs that DON'T have their own logic to call OpenSSL 
> (or whatever) to do their own encryption.  Let's use clear-text FTP as 
> an example.  So somehow, AT-TLS hooks into the processing and provides 
> an encrypted "tunnel", kind of like VPN does, but only for that one 
> application.  Does that sound correct?

> If so, then the encryption is "transparent" to the FTP server code and 
> FTP does not need to be changed, which I think is the whole idea here. 
> Yet we now have an encrypted session.  Does that sound correct?

> Then if so, what happens on the FTP client side?  I certainly can't use 
> the Windows FTP command, for example, because it's not setup for any 
> kind of encryption.  That's kind of my big question here.

I can't see that anyone answered your last question. Yes, the default Windows
FTP doesn't support encryption. There are third-party FTPS client programs you 
can purchase that do so. Or your could run lftp on the Windows Ubuntu shell.

Don Poitras - SAS Development  -  SAS Institute Inc. - SAS Campus Drive           (919) 531-5637                Cary, NC 27513

For IBM-MAIN subscribe / signoff / archive access instructions,
send email to with the message: INFO IBM-MAIN

Reply via email to