SC24-5901 410 SSL message format is incorrect. Explanation: An incorrectly formatted SSL message is received from the communication partner. User response: Collect a System SSL trace containing a dump of the SSL message and then contact your service representative
You usually have to run a GSK trace to track down these problems. Are you using AT-TLS environment for the FTPS client ? -- Donald J. dona...@4email.net On Wed, May 7, 2014, at 07:38 AM, Mark Pace wrote: > Trying to turn on some DEBUG information > DEBUG FLO > > FC1003 authServer: secure_socket_init failed with rc = 410 (SSL message > format is incorrect) > > So not to try to figure out where to find this error message. > > > On Wed, May 7, 2014 at 10:19 AM, Mark Pace <pacemainl...@gmail.com> > wrote: > > > I remember setting up something very similar to connect to IBM. So I > > added the GoDady cert to the same keyring. > > > > sr cla(digtring) > > IBMUSER.smpemaint > > *IBMUSER.FtpSecur * > > IBMUSER.IBMRing > > IBMUSER.SecureFTPKeyRing > > IBMUSER.SMPEMAINT > > TN3270.TNRING > > *** > > > > > > > > racdcert id(ibmuser) listring(*FtpSecur*) > > Digital ring information for user IBMUSER: > > > > Ring: > > >FtpSecur< > > Certificate Label Name Cert Owner USAGE DEFAULT > > -------------------------------- ------------ -------- ------- > > GeoTrust Global CA CERTAUTH CERTAUTH NO > > * Go Daddy Class 2 CERTAUTH CERTAUTH YES* > > > > > > So I added to my ftp.data > > KEYRING IBMUSER/FtpSecur > > > > But that still isn't the final answer > > > > EZA2897I Authentication negotiation failed > > EZA2898I Unable to successfully negotiate required authentication > > EZA1735I Std Return Code = 10000, Error Code = 00017 > > > > > > > > On Wed, May 7, 2014 at 9:44 AM, Chase, John <jch...@ussco.com> wrote: > > > >> If you're authorized to issue RACF commands, try SR CLA(DIGTRING) to list > >> defined key rings (format is userid.ringname), then RACDCERT ID(userid) > >> LISTRING(ringname or *) to see the ring(s) contents. > >> > >> Also ensure that the root cert you're interested in has TRUST status > >> (default is NOTRUST). > >> > >> -jc- > >> > >> > -----Original Message----- > >> > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > >> On Behalf Of Mark Pace > >> > Sent: Wednesday, May 07, 2014 8:34 AM > >> > To: IBM-MAIN@LISTSERV.UA.EDU > >> > Subject: Re: z/OS FTPS Client & Linux FTP server > >> > > >> > The cipher was one of my early problems. But I figured that one out. > >> > vsftpd - ssl_ciphers=RC4-SHA > >> > z/OS - CIPHERSUITE SSL_RC4_SHA > >> > > >> > I'm certain that this Keyring is (part of) my problem. Stumbling > >> through > >> > RACF I have found that the GoDaddy Root CA is already defined in z/OS, > >> but still trying to determine > >> > if it is part of a keyring. > >> > > >> > > >> > > >> > On Wed, May 7, 2014 at 8:57 AM, Donald J. <dona...@4email.net> wrote: > >> > > >> > > Make sure client and server have a common cipher. > >> > > SSL_AES_128_SHA and SSL_AES_256_SHA are probably more commonly used > >> > > than SSL_RC4_SHA. > >> > > > >> > > Make sure the linus root certificate is in your z/OS client keyring. > >> > > > >> > > -- > >> > > Donald J. > >> > > > >> > > > >> > > > >> > > > >> > > -- > >> > > http://www.fastmail.fm - A no graphics, no pop-ups email service > >> > > > >> > > ---------------------------------------------------------------------- > >> > > For IBM-MAIN subscribe / signoff / archive access instructions, send > >> > > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > >> > > > >> > > >> > > >> > > >> > -- > >> > The postings on this site are my own and don’t necessarily represent > >> Mainline’s positions or opinions > >> > > >> > Mark D Pace > >> > Senior Systems Engineer > >> > Mainline Information Systems > >> > > >> > ---------------------------------------------------------------------- > >> > For IBM-MAIN subscribe / signoff / archive access instructions, send > >> email to lists...@listserv.ua.edu > >> > with the message: INFO IBM-MAIN > >> > >> ********************************************************************** > >> Information contained in this e-mail message and in any attachments > >> thereto is confidential. If you are not the intended recipient, please > >> destroy this message, delete any copies held on your systems, notify the > >> sender immediately, and refrain from using or disclosing all or any part of > >> its content to any other person. > >> > >> > >> ---------------------------------------------------------------------- > >> For IBM-MAIN subscribe / signoff / archive access instructions, > >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > >> > > > > > > > > -- > > The postings on this site are my own and don’t necessarily represent > > Mainline’s positions or opinions > > > > Mark D Pace > > Senior Systems Engineer > > Mainline Information Systems > > > > > > > > > > > -- > The postings on this site are my own and don’t necessarily represent > Mainline’s positions or opinions > > Mark D Pace > Senior Systems Engineer > Mainline Information Systems > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- http://www.fastmail.fm - Access your email from home and the web ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
