Charles: Password is in the clear, just like it's always been. The main security is controlled by directory permissions on the server--it's really a "dump it here". They can't even see what they've uploaded. The download directory (stuff from us) is read-only. Like I said, "kicking and screaming"...
Frank: //CEEOPTS is very close to what I was looking for! //FTPXFER EXEC PGM=FTP,REGION=4M, // PARM=('ENVAR("GSK_PROTOCOL_TLSV1_2=ON")/(EXIT') ...works great if all I want to do is force TLS 1.2. But there are a couple of other environment variables that are really handy for debugging: GSK_TRACE=0xFFFF and GSK_TRACE_FILE=/tmp/gskc.trc and while: //FTPXFER EXEC PGM=FTP,REGION=4M, // PARM=('ENVAR("GSK_PROTOCOL_TLSV1_2=ON","GSK_TRACE=0xFFFF","GSK_TRACE_FILE=/tmp/gskc.trc")/(EXIT') ...is possible, it pushes the limits of the PARM value's max length. But I can add as many variables with CEEOPTS as I want: //FTPXFER EXEC PGM=FTP,REGION=4M,PARM='(TIMEOUT 30 EXIT' //CEEOPTS DD * ENVAR("GSK_PROTOCOL_TLSV1_2=ON", "GSK_TRACE=0xFFFF", "GSK_TRACE_FILE=/tmp/gskb.trc") //* However, I did stumble across what a really wanted as I was closing out all the web pages I had open for this. https://www.ibm.com/support/knowledgecenter/SSLTBW_2.2.0/com.ibm.zos.v2r2.halz002/ip_env_var_used_by_tcpip_appls.htm ...is the page I'd overlooked. It explains that while _CEE_ENVFILE requires a VB255 dataset, _CEE_ENVFILE_S isn't so picky. So: //FTPXFER EXEC PGM=FTP,REGION=4M, // PARM=('ENVAR("_CEE_ENVFILE_S=DD:STDENV")/(TIMEOUT 30 EXIT') //STDENV DD * GSK_PROTOCOL_TLSV1_2=ON //* GSK_TRACE=0xFFFF //* GSK_TRACE_FILE=/tmp/gskc.trc //SYSFTPD DD * ...is really what I was looking for in the first place. I can leave the TRACE vars commented, but if there is a problem they can easily be un-commented and the /tmp/gskc.trc file can be used to see exactly what's going on under the covers. (BTW, this trace appears to provide a lot more information than processing a GSKSRVR/GSKWRTR trace with IPCS and "CTRACE COMP(GSKSRVR) DDNAME(IPTRACE) FULL"--but it's probable that I just don't know what I'm doing with IPCS.) Anyway, thanks again to all! Wendell ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN