We currently use the following options for client connections to an FTPS server:
SECURE_MECHANISM TLS ;Use TLS, if supported by server SECURE_DATACONN PRIVATE ;Protect data connection when using TLS KEYRING FTPS/ftpsring ;Key ring for TLS encryption NETRCLEVEL 2 ;Use userid.NETRC by default LOGCLIENTERR TRUE ;Log errors to the console CLIENTERRCODES EXTENDED EPSV4 TRUE ;Extended Passive mode We're trying to connect to a new server and its failing. With "verbose mode" on the client I see the following: Using 'DVFJS.FTP.DATA' for local site configuration parameters. Using //'TCPIP.STANDARD.TCPXLBIN' for FTP translation tables for the control connection. Using //'TCPIP.STANDARD.TCPXLBIN' for FTP translation tables for the data connection. IBM FTP CS V2R2 Using catalog '/usr/lib/nls/msg/C/ftpdmsg.cat' for FTP messages. Connecting to: ServUmft.FB 10.0.34.16 port: 3443. 220 Serv-U FTP Server v15.1 ready... FC0270 ftpAuth: security values: mech=TLS, tlsmech=FTP, tlsreuse=N, sFTP=A, sCC=C, sDC=P FC0317 ftpAuth: ........ cipherspecs = FC0362 ftpAuth: environment_open() FC0526 ftpAuth: environment_init() FC0535 ftpAuth: environment initialization complete >>> AUTH TLS 234 AUTH command OK. Initializing SSL connection. FC0989 authServer: secure_socket_open() FC1056 authServer: secure_socket_init() FC1069 authServer: secure_socket_init failed with rc = 420 (Socket closed by remote partner) FC1543 endSecureConn: entered Authentication negotiation failed FC1575 endSecureEnv: entered *** Control connection with ServUmft.FB dies. SC4159 SETCEC code = 10 You must first issue the 'OPEN' command PC1047 logClientErrMsg: entered PC0945 setClientRC: entered PC1015 setClientRC: std_rc=10234, rc_type=STD, rc=10234 DVFJS4 FTP failed - Cmd = 10(open) Reply = 234 NX STD RC = 10234 The server has the following logs: [02] Fri 07Apr17 10:05:47 - (263266) Connected to 10.0.200.250 (local address 10.0.36.53, port 3443) [02] Fri 07Apr17 10:05:47 - (263266) Unable to establish SSL connection (unknown protocol) [02] Fri 07Apr17 10:05:47 - (263266) Closed session The server also indicates use of the following Protocol: TLS1.2 Key exchange: ECDHE-RSA Cipher: AES-256-GCM MAC: AEAD Are these supported on z/OS? If so, what config settings are required? Thanks, Frank ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
