Anything is possible. The vsftpd server is of no use for debugging. There is an ssl_debug parameter, but it doesn't produce any output.
On Wed, May 7, 2014 at 1:19 PM, Brian France <b...@psu.edu> wrote: > I saw this same message before. We had a guy here that ran a tcp trace > during the connection process, moved it to a linux workstation and used > TCPDUMP? on it. What he determined was the windows server we were trying to > connect to had a checkpoint firewall and it actually was re-writting the > first two byes of the cert. There was a setting that had to change. I know > you said no firewalls BUT is it possible that something else is doing this > on the linux server? A setting in VSFTP maybe? He left doc somewhere and if > you're interested I'll dig it up. > > > On 5/7/2014 10:38 AM, Mark Pace wrote: > >> Trying to turn on some DEBUG information >> DEBUG FLO >> >> FC1003 authServer: secure_socket_init failed with rc = 410 (SSL message >> format is incorrect) >> >> So not to try to figure out where to find this error message. >> >> >> On Wed, May 7, 2014 at 10:19 AM, Mark Pace <pacemainl...@gmail.com> >> wrote: >> >> I remember setting up something very similar to connect to IBM. So I >>> added the GoDady cert to the same keyring. >>> >>> sr cla(digtring) >>> IBMUSER.smpemaint >>> *IBMUSER.FtpSecur * >>> >>> IBMUSER.IBMRing >>> IBMUSER.SecureFTPKeyRing >>> IBMUSER.SMPEMAINT >>> TN3270.TNRING >>> *** >>> >>> >>> >>> racdcert id(ibmuser) listring(*FtpSecur*) >>> >>> Digital ring information for user IBMUSER: >>> >>> Ring: >>> >FtpSecur< >>> Certificate Label Name Cert Owner USAGE DEFAULT >>> -------------------------------- ------------ -------- ------- >>> GeoTrust Global CA CERTAUTH CERTAUTH NO >>> * Go Daddy Class 2 CERTAUTH CERTAUTH YES* >>> >>> >>> >>> So I added to my ftp.data >>> KEYRING IBMUSER/FtpSecur >>> >>> But that still isn't the final answer >>> >>> EZA2897I Authentication negotiation failed >>> EZA2898I Unable to successfully negotiate required authentication >>> EZA1735I Std Return Code = 10000, Error Code = 00017 >>> >>> >>> >>> On Wed, May 7, 2014 at 9:44 AM, Chase, John <jch...@ussco.com> wrote: >>> >>> If you're authorized to issue RACF commands, try SR CLA(DIGTRING) to >>>> list >>>> defined key rings (format is userid.ringname), then RACDCERT ID(userid) >>>> LISTRING(ringname or *) to see the ring(s) contents. >>>> >>>> Also ensure that the root cert you're interested in has TRUST status >>>> (default is NOTRUST). >>>> >>>> -jc- >>>> >>>> -----Original Message----- >>>>> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] >>>>> >>>> On Behalf Of Mark Pace >>>> >>>>> Sent: Wednesday, May 07, 2014 8:34 AM >>>>> To: IBM-MAIN@LISTSERV.UA.EDU >>>>> Subject: Re: z/OS FTPS Client & Linux FTP server >>>>> >>>>> The cipher was one of my early problems. But I figured that one out. >>>>> vsftpd - ssl_ciphers=RC4-SHA >>>>> z/OS - CIPHERSUITE SSL_RC4_SHA >>>>> >>>>> I'm certain that this Keyring is (part of) my problem. Stumbling >>>>> >>>> through >>>> >>>>> RACF I have found that the GoDaddy Root CA is already defined in z/OS, >>>>> >>>> but still trying to determine >>>> >>>>> if it is part of a keyring. >>>>> >>>>> >>>>> >>>>> On Wed, May 7, 2014 at 8:57 AM, Donald J. <dona...@4email.net> wrote: >>>>> >>>>> Make sure client and server have a common cipher. >>>>>> SSL_AES_128_SHA and SSL_AES_256_SHA are probably more commonly used >>>>>> than SSL_RC4_SHA. >>>>>> >>>>>> Make sure the linus root certificate is in your z/OS client keyring. >>>>>> >>>>>> -- >>>>>> Donald J. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> http://www.fastmail.fm - A no graphics, no pop-ups email service >>>>>> >>>>>> ------------------------------------------------------------ >>>>>> ---------- >>>>>> For IBM-MAIN subscribe / signoff / archive access instructions, send >>>>>> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN >>>>>> >>>>>> >>>>> >>>>> -- >>>>> The postings on this site are my own and don’t necessarily represent >>>>> >>>> Mainline’s positions or opinions >>>> >>>>> Mark D Pace >>>>> Senior Systems Engineer >>>>> Mainline Information Systems >>>>> >>>>> ---------------------------------------------------------------------- >>>>> For IBM-MAIN subscribe / signoff / archive access instructions, send >>>>> >>>> email to lists...@listserv.ua.edu >>>> >>>>> with the message: INFO IBM-MAIN >>>>> >>>> ********************************************************************** >>>> Information contained in this e-mail message and in any attachments >>>> thereto is confidential. If you are not the intended recipient, please >>>> destroy this message, delete any copies held on your systems, notify the >>>> sender immediately, and refrain from using or disclosing all or any >>>> part of >>>> its content to any other person. >>>> >>>> >>>> ---------------------------------------------------------------------- >>>> For IBM-MAIN subscribe / signoff / archive access instructions, >>>> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN >>>> >>>> >>> >>> -- >>> The postings on this site are my own and don’t necessarily represent >>> Mainline’s positions or opinions >>> >>> Mark D Pace >>> Senior Systems Engineer >>> Mainline Information Systems >>> >>> >>> >>> >>> >> > -- > Brian W. France > Systems Administrator (Mainframe) > Pennsylvania State University > Administrative Information Services - Infrastructure/SYSARC > Rm 25 Shields Bldg., University Park, Pa. 16802 > 814-863-4739 > b...@psu.edu > > "To make an apple pie from scratch, you must first invent the universe." > > Carl Sagan > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- The postings on this site are my own and don’t necessarily represent Mainline’s positions or opinions Mark D Pace Senior Systems Engineer Mainline Information Systems ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
