Dave,
Here you go:
##################################################################
# #
# Secure FTP Application #
# #
###################################################################
TTLSRule secure_ftp_client_rule
{
RemotePortRange 21 # This should be set to the port the FTP
# listening on
Direction Outbound
TTLSGroupActionRef secure_ftp_client_group
TTLSEnvironmentActionRef secure_ftp_client_env
}
TTLSGroupAction secure_ftp_client_group
{
TTLSEnabled On
Trace 7
}
TTLSEnvironmentAction secure_ftp_client_env
{
TTLSKeyringParms
{
Keyring /u/ftps/zos17dbf.kdb
KeyringStashFile /u/ftps/zos17dbf.sth
}
HandshakeRole Client
TTLSEnvironmentAdvancedParms
{
ApplicationControlled On
SecondaryMap On
SSLV3 Off
TLSV1 Off
TLSV1.1 Off
TLSV1.2 On
}
TTLSCipherParmsRef ftp_client_ciphers # to cust ciphers
}
TTLSCipherParms ftp_client_ciphers
{
# Sample ciphers. Should be customized!
V3CipherSuites TLS_RSA_WITH_AES_256_CBC_SHA
V3CipherSuites TLS_RSA_WITH_3DES_EDE_CBC_SHA
V3CipherSuites TLS_RSA_WITH_NULL_SHA
}
-----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Dave Jousma Sent: Wednesday, May 05, 2021 1:13 PM To: [email protected] Subject: Re: SMPE Receive Order post May 1st [[ SEI WARNING *** This email was sent from an external source. Do not open attachments or click on links from unknown or suspicious senders. *** ]] > Well, for what it's worth, I just tried it and my job was successful, >however, I also received the SSLv23/TLSv1 messages. So I used the >standard job that IBM provided (RFNJOBS) and I turned on Debug SEC. >Here is what I got (snip) Hey Tony, Thanks for this. For some reason we are still struggling. Would you be willing to share what your pagent policy for these items: FU2420 TTLSRule: secure_ftp_client_rule FU2426 TTLSGroupAction: secure_ftp_client_group FU2432 TTLSEnvironmentAction: secure_ftp_client_env looks like? I dont think there is anything sensitive, and if you'd rather, you can send to me off-list ([email protected]) ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
