Re: FTP TLS options

Tue, 11 Apr 2017 14:05:51 -0700 

So one of our system programmers found an alternative to using AT-TLS to enable 
use of TLS v1.2 with the z/OS FTP client.  All you have to do is set an LE 
environment variable GSK_PROTOCOL_TLSV1_2=1.  Since the default (non ATTLS) 
SSL/TLS for FTP uses z/OS System SSL it is affected by (I assume) all of the 
"GSK environment variables" (see the "Environment variables" section of the 
"z/OS Cryptographic Services System SSL Programming manual".)


In order to set this variable in a JCL environment you simply do the following:

//DOFTP    EXEC PGM=FTP,PARM='your.ftps.server (EXIT'
//CEEOPTS  DD *
ENVAR("GSK_PROTOCOL_TLSV1_2=1")
/*


Works like a charm!  Wish it was more explicitly documented somewhere.


Frank

________________________________
From: IBM Mainframe Discussion List <[email protected]> on behalf of 
Frank Swarbrick <[email protected]>
Sent: Tuesday, April 11, 2017 9:24 AM
To: [email protected]
Subject: Re: FTP TLS options

I'll pass that along to those in charge of such things.  :-)  Thanks.

________________________________
From: IBM Mainframe Discussion List <[email protected]> on behalf of Tom 
Conley <[email protected]>
Sent: Monday, April 10, 2017 9:38 PM
To: [email protected]
Subject: Re: FTP TLS options

On 4/10/2017 7:04 PM, Frank Swarbrick wrote:
> I'm guessing there's a bit more to it than that, yes?  Such as actually 
> configuring Policy Agent?
>

Frank,

Sorry, thought you already configured PAGENT, but missed the PROFILE
member, like I did the first time I tried it.  If you run z/OSMF, you
can config pagent.conf fairly easily with Configuration Assistant.  If
not, you can try the samples in (WTW):

/usr/lpp/tcpip/samples/pagent_TTLS.conf

Good luck,
Tom Conley

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to