Hayim Sokolsky wrote: >Actually "plain old" FTP on z/OS has supported encryption --- directly --- >for a good long while.
A very long while. z/OS 1.2 (Generally Available on October 26, 2001) introduced support for TLS/SSL FTP (a.k.a. FTPS) along with related security enhancements. That was for both the FTP client and server. Of course there have been many FTPS-related improvements in z/OS releases since then. IETF RFC 4217 (?Securing FTP with TLS,? published in 2005) is the most relevant document describing the FTPS standards. Phil Smith III asks: >....Rather, I'm wondering about the earlier suggestion to add AT-TLS. In the >cases I've seen, AT-TLS only works for outbound. Can you also tell it "This >incoming connection will be encrypted, please take the data out of the tunnel >and present it to the application unencrypted"? >I expect y'all are gonna say "Of course", in which case today will be a good >day -- I will have learned something! Of course. z/OS AT-TLS supports both inbound and outbound connections. Including FTPS connections. Here are the instructions for enabling the FTP server to use z/OS AT-TLS (z/OS 3.1 link, subject to change): https://www.ibm.com/docs/en/zos/3.1.0?topic=security-steps-customizing-ftp-server-tls And here?s the link for the FTP client: https://www.ibm.com/docs/en/zos/3.1.0?topic=security-steps-customizing-ftp-client-tls ????? Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM Z/LinuxONE, Asia-Pacific [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
