Hi Mike. I assume you mean: TLSMECHANISM ATTLS where the default (which we use) is TLSMECHANISM FTP
Unfortunately we don't currently have AT-TLS set up. When I try to use it I get the following: AT-TLS not enabled on TCPCONFIG Does z/OS FTP not support TLS v1.2 when TLSMECHANISM=FTP? I am not a sysprog so I can't speak to the question about IBM's security vulnerability warnings. Frank ________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Mike Wawiorko <[email protected]> Sent: Monday, April 10, 2017 4:10 AM To: [email protected] Subject: Re: FTP TLS options Frank, You should change to AT-TLS SECURE_MECHANISM ATTLS That will get TLSv1.2 support but just as important will allow you to use newer cipher suites. Many of the older cipher suites supported by the FTP client (or server) internal SSL/TLS function have been the subject of security warnings over the last couple of years. Do you subscribe to IBM's security vulnerability warnings? Mike Wawiorko -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Frank Swarbrick Sent: 07 April 2017 19:28 To: [email protected] Subject: Re: FTP TLS options Does z/OS 2.2 support TLS v1.2 for FTP clients without the use of AT-TLS? This new server we have is (currently) configured to support only TLS v1.2, and nothing earlier. We're trying to get approval to "back down" to TLS v1.0, but I figured I'd ask this anyway. Frank nstructions, send email to [email protected] with the message: INFO IBM-MAIN This e-mail and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this e-mail in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this e-mail or its attachments. Internet communications are not guaranteed to be secure or virus-free. The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this e-mail may be monitored by the Barclays Group for operational or business reasons. Any opinion or other information in this e-mail or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group. Barclays Bank PLC. Registered in England and Wales (registered no. 1026167). Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. Barclays Bank PLC is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority (Financial Services Register No. 122702). ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
