We are not currently using AT-TLS for FTP. We are currently activating TLSv1.2 support with the following environment variable:

    GSK_PROTOCOL_TLSV1_2=1

This works fine and allows us to use (default) cipherspec 35: TLS_RSA_WITH_AES_256_CBC_SHA (FU1330 tlsLevel: using TLSV1.2 with SSL_AES_256_SHA (35)). This cipherspec uses a SHA-1 hash, and we want to eliminate use of SHA-1. So I'm trying to figure out how to use cipherspec 3D: TLS_RSA_WITH_AES_256_CBC_SHA256.

It doesn't look like the FTP client supports explicit use of SHA256 hashes, as far as I can tell. There does not appear to be a CIPHERSUITE statement value to utilize SHA256. So I've been trying to use a GSK environment variable to specify it. I've tried all of the following, and none seem to work:

    GSK_V3_CIPHER_SPECS=3D
    GSK_V3_CIPHER_SPECS="3D"
    GSK_V3_CIPHER_SPECS_EXPANDED=003D
    GSK_V3_CIPHER_SPECS_EXPANDED="003D"

All of them get the following (when DEBUG SEC is specified in my ftp.data file):

    FC0334 ftpAuth: ........ cipherspecs =
    FC0379 ftpAuth: environment_open()
    FC0383 ftpAuth: open of the TLS environment failed with rc = 703 (Enumeration is not valid)
    EZA2897I Authentication negotiation failed

I am thinking that we might have to bite the bullet and use ATTLS instead, but if anyone has been successful using a SHA256 cipherspec without it I'd love to hear your thoughts.

Thanks,
Frank

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
