I saw Hayim's note that FTP on z/OS supports encryption, and uses AT-TLS/PAGENT, so I'm not asking about FTP itself here.
Rather, I'm wondering about the earlier suggestion to add AT-TLS. In the cases I've seen, AT-TLS only works for outbound. Can you also tell it "This incoming connection will be encrypted, please take the data out of the tunnel and present it to the application unencrypted"? I expect y'all are gonna say "Of course", in which case today will be a good day -- I will have learned something!
And if it is "Of course", the reason I've not seen it is surely because the only times I've encountered AT-TLS are when people added it *on top* of the TLS our product already uses via GSK. As I've written before, this is a Very Bad Idea, because the outbound connection from z/OS, encrypted via AT-TLS, completes the handshake with the external server--which then gets the "inside" encrypted payload (the one WE encrypted via GSK), says "What the **** is THAT?!" and hangs up.
