Frank,
Good find! I'm saving this one!
BobL
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of Frank Swarbrick
Sent: Tuesday, April 11, 2017 3:05 PM
To: [email protected]
Subject: Re: FTP TLS options [ EXTERNAL ]
So one of our system programmers found an alternative to using AT-TLS to enable
use of TLS v1.2 with the z/OS FTP client. All you have to do is set an LE
environment variable GSK_PROTOCOL_TLSV1_2=1. Since the default (non ATTLS)
SSL/TLS for FTP uses z/OS System SSL it is affected by (I assume) all of the
"GSK environment variables" (see the "Environment variables" section of the
"z/OS Cryptographic Services System SSL Programming manual".)
In order to set this variable in a JCL environment you simply do the following:
//DOFTP EXEC PGM=FTP,PARM='your.ftps.server (EXIT'
//CEEOPTS DD *
ENVAR("GSK_PROTOCOL_TLSV1_2=1")
/*
Works like a charm! Wish it was more explicitly documented somewhere.
Frank
________________________________
From: IBM Mainframe Discussion List <[email protected]> on behalf of
Frank Swarbrick <[email protected]>
Sent: Tuesday, April 11, 2017 9:24 AM
To: [email protected]
Subject: Re: FTP TLS options
I'll pass that along to those in charge of such things. :-) Thanks.
________________________________
From: IBM Mainframe Discussion List <[email protected]> on behalf of Tom
Conley <[email protected]>
Sent: Monday, April 10, 2017 9:38 PM
To: [email protected]
Subject: Re: FTP TLS options
On 4/10/2017 7:04 PM, Frank Swarbrick wrote:
> I'm guessing there's a bit more to it than that, yes? Such as actually
> configuring Policy Agent?
>
Frank,
Sorry, thought you already configured PAGENT, but missed the PROFILE member,
like I did the first time I tried it. If you run z/OSMF, you can config
pagent.conf fairly easily with Configuration Assistant. If not, you can try
the samples in (WTW):
/usr/lpp/tcpip/samples/pagent_TTLS.conf
Good luck,
Tom Conley
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
[email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
[email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
[email protected] with the message: INFO IBM-MAIN
This e-mail transmission may contain information that is proprietary,
privileged and/or confidential and is intended exclusively for the person(s) to
whom it is addressed. Any use, copying, retention or disclosure by any person
other than the intended recipient or the intended recipient's designees is
strictly prohibited. If you are not the intended recipient or their designee,
please notify the sender immediately by return e-mail and delete all copies.
OppenheimerFunds may, at its sole discretion, monitor, review, retain and/or
disclose the content of all email communications.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
