Wendell:

Thank you for the notes. What happened was that we were specifying TLSPORT=5521 and by just specifying the TLSPORT it was assuming implicit connection and so neither server nor client sent the 220 message and they just wait for some reply. So I commented out the TLSPORT=5521 and just used port 5521 which then ran in explicit mode.
TLSPORT forces implicit for that port.

Thanks again,
Roberto

On Mon, Oct 5, 2020 at 10:37 AM Wendell Lovewell <[email protected]> wrote:

> I can't help you much on the server side of the equation, but this excerpt
> from an FTP client job will get you started:
>
> 01 //FTPS EXEC PGM=FTP,REGION=4M,
> 02 // PARM=('ENVAR("_CEE_ENVFILE_S=DD:STDENV")/10.1.1.1 5521 -e')
> 03 //STDENV DD *
> 04 GSK_PROTOCOL_TLSV1_2=ON
> 05 //* GSK_TRACE=0xFFFF
> 06 //* GSK_TRACE_FILE=/tmp/gsk.trc
> 07 //* The 2 stmts above can be temporarily uncommented for debugging
> 08 //SYSFTPD DD *,SYMBOLS=(JCLONLY)
> 09 CLIENTERRCODES EXTENDED
> 10 EPSV4 TRUE
> 11 EXTENSIONS AUTH_TLS
> 12 FWFRIENDLY TRUE
> 13 KEYRING TCPIP/your.FTP.KEYRING
> 14 PASSIVEIGNOREADDR TRUE
> 15 SECUREIMPLICITZOS FALSE
> 16 SECURE_FTP REQUIRED
> 17 SECURE_MECHANISM TLS
> 18 SECURE_DATACONN PRIVATE
> 19 SECURE_CTRLCONN PRIVATE
> 20 SECURE_HOSTNAME REQUIRED
> 21 TLSMECHANISM FTP
> 22 TLSRFCLEVEL RFC4217
> 23 TRACE
> 24 //*
>
> Line
> 02 _CEE_ENVFILE_S=DD:STDENV
>      - Allows you to specify LE overrides via a SYSIN DD rather than a VB
>        dataset
>    10.1.1.1 5521
>      - Your server IP address & port
>    -e
>      Exit step with FTP return code instead of 0 (probably overridden)
>
> 05 & 06
>    GSK_TRACE...
>      Turns on GSK tracing for FTP client, writes trace records into
>      /tmp/gsk.trc file
>      Use gsktrace "gsk.trc > gsk.out" command to format into human
>      readable. Very helpful
>
> 13 You will have to have a public/private key known to the server, and a
>    public key or
>    CA cert shared with the client (if on the same system, then on the
>    same key ring is fine)
>
> 11 & 16 are also important
>
>
> You'll need to use the manuals to understand most of the commands, but
> this will get you started.
>
> Some of these manuals may help:
>
> SC14-7495-30 Cryptographic Services System Secure Sockets Layer Programming
>
> SC27-3651-30 IP Configuration Reference
>
> GC27-3652-30 IP Diagnosis Guide may be useful if you are getting GSK
> errors.
>
> SA23-2292-30 Security Server RACF Command Language Reference contains the
> syntax for the RACDCERT instructions.
>
> HTH,
> Wendell Lovewell
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
>

--
Politics: Poli (many) - tics (blood sucking parasites)
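
The implicit/explicit mismatch described in this thread can be checked from any client machine before touching the JCL. The following is an added example, not part of the original messages or of any IBM code: a small Python probe that reports whether a listener greets with a cleartext 220 and accepts AUTH TLS (explicit, RFC 4217) or stays silent until a TLS handshake starts (implicit). The function names, result labels and the loopback stub are assumptions made for the demonstration.

```python
import socket
import ssl
import threading

def probe_ftps_mode(host, port, timeout=3.0):
    """Return 'explicit', 'explicit-no-tls', 'implicit' or 'stalled'."""
    # Explicit mode (RFC 4217): the server speaks first with a cleartext 220.
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            banner = s.recv(512)
        except socket.timeout:
            banner = b""  # silence: implicit TLS listener, or a hung one
        if banner.startswith(b"220"):
            s.sendall(b"AUTH TLS\r\n")
            try:
                reply = s.recv(512)
            except socket.timeout:
                reply = b""
            return "explicit" if reply.startswith(b"234") else "explicit-no-tls"
    # Implicit mode: no 220 until TLS is up, so the client sends ClientHello first.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "implicit"
    except ssl.SSLCertVerificationError:
        return "implicit"  # peer answered the handshake; trust is a separate check
    except OSError:
        return "stalled"   # no answer in either mode (includes timeouts)

def start_stub(greet):
    """Constructed loopback listener for the demo; returns (socket, port)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(b"220 constructed FTP stub ready\r\n")
            if conn.recv(512).upper().startswith(b"AUTH TLS"):
                conn.sendall(b"234 AUTH TLS accepted\r\n")
    if greet:  # a silent stub never accepts, so a connecting client hears nothing
        threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    for greet in (True, False):
        srv, port = start_stub(greet)
        print(greet, probe_ftps_mode("127.0.0.1", port, timeout=1.0))
```

A result of "implicit" against a port that the client job drives with SECUREIMPLICITZOS FALSE and EXTENSIONS AUTH_TLS is the hang described above: the client waits for a 220 that the server will not send until TLS is negotiated.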
