On 16/06/2017 5:30 AM, Gibney, Dave wrote:
> I think Tony is correct. If the external server's signing CA is defined using
> the appropriate Policy Rules for the z/OS Policy Agent and covering the local
> Cobol client, a secure connection, transparent to the Cobol client, should work.

How do you know which signing CA they use? I know I have encountered TLS
connections to the same DNS name that resolved to multiple IP addresses
with different certificates. Can AT-TLS cope with this as a client?

How does AT-TLS verify that the certificate presented belongs to the
site that the Cobol client intended to connect to, i.e. not a MITM attack?

AT-TLS looks like a nice solution for a server, but for a client I don't
understand how it works.

--
Andrew Rowley
Black Hill Software
+61 413 302 386