Boy does it ever <grin> Before recommending AT/TLS its really important to understand the application and it's requirements. AT/TLS should NOT be a knee jerk recommendation.
Jerry Whitteridge Sr Manager Managed Services [email protected] 480 578 7889 -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Phil Smith III Sent: Monday, September 16, 2024 12:47 PM To: [email protected] Subject: EXTERNAL Email: Re: Is z/OS FTP encrypted? I saw Hayim's note that FTP on z/OS supports encryption, and uses AT-TLS/PAGENT, so I'm not asking about FTP itself here. Rather, I'm wondering about the earlier suggestion to add AT-TLS. In the cases I've seen, AT-TLS only works for outbound. Can you also tell it "This incoming connection will be encrypted, please take the data out of the tunnel and present it to the application unencrypted"? I expect y'all are gonna say "Of course", in which case today will be a good day -- I will have learned something! And if it is "Of course", the reason I've not seen it is surely because the only times I've encountered AT-TLS is when people added it *on top* of the TLS our product already uses via GSK. As I've written before, this is a Very Bad Idea, because the outbound connection from z/OS, encrypted via AT-TLS, completes the handshake with the external server--which then gets the "inside" encrypted payload (the one WE encrypted via GSK), says "What the **** is THAT?!" and hangs up. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ________________________________ Warning: All e-mail sent to this address will be received by the corporate e-mail system, and is subject to archival and review by someone other than the recipient. This e-mail may contain proprietary information and is intended only for the use of the intended recipient(s). If the reader of this message is not the intended recipient(s), you are notified that you have received this message in error and that any review, dissemination, distribution or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately. ________________________________ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
