Gidday, We're looking to implement FTPS with certificates and SSL/TLS. We've tried z/OS but it would appear that the server refuses to process Clear Command Channel commands. So now we're looking for alternatives such as under z/VM or z/Linux.
The RFC 4217 that z/VM 5.3 supposedly uses (at http://tools.ietf.org/html/rfc4217#page-25) states... 15.3. Issues with the CCC Command Using the CCC command can create security issues. For a full description, see the "CLEAR COMMAND CHANNEL (CCC)" section of [RFC-2228]. Clients should not assume that a server will allow the CCC command to be processed. Server implementations may wish to refuse to process the CCC command on a session that has not passed through some form of client authentication (e.g., TLS client auth or FTP USER/PASS). This can prevent anonymous clients from repeatedly requesting AUTH TLS followed by CCC to tie up resources on the server. ... but I didn't find anything in the z/VM 5.3 TCP/IP manuals to indicate whether CCC will work. Can anyone advise whether it will work? Regards, Fred Schmidt Department of Corporate and Information Services (DCIS) Data Centre Services (DCS) Northern Territory Government, Australia
