There is a relatively new red piece on how to configure TLS with
tn3270: IBM z/OS IBM Personal Communications TTLS Enablement at
http://www.redbooks.ibm.com/redpapers/pdfs/redp5538.pdf
ITschak
On Sat, Nov 9, 2019 at 4:08 AM Greg Boyd
wrote:
> System SSL (aka TLS) will work without ICSF being
System SSL (aka TLS) will work without ICSF being active and without CEX cards
being available. You may not like the performance and some functions (i.e.
specifically ECC) may not work. Elliptic Curve (ECC) requires that CEX cards
are available and ICSF is active, to drive those operations to
> Do we need ICSF to be running while implementing ATTLS ?
I ran AT-TLS on a 2.1 RDT system *without* ICSF without a problem. And it was
for more than just TN3270 traffic at TLS 1.2. I haven't tried at a higher z/OS
level, but I don't think you need ICSF.
Regards, Barbara
From: IBM Mainframe Discussion List on behalf of
R.S.
Sent: Thursday, November 7, 2019 12:35 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CPACF for TN3270 encryption
IMHO the problem is with using file utilities for datasets.
File - understood as MS-DOS, unix or Windows file - it is just (ordered)
set of bytes. No internal structure like blocks or records. File formats
like XLS, TXT, DOC are interpretation of some applications, it is not
visible
Dataset -
On 11/7/2019 9:49 AM, Jake Anderson wrote:
Do we need ICSF to be running while implementing ATTLS ?
Jake,
Yes.
Regards,
Tom Conley
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to
Do we need ICSF to be running while implementing ATTLS ?
On Wed, 30 Oct, 2019, 2:22 PM Mike Wawiorko, <
014ab5cdfb21-dmarc-requ...@listserv.ua.edu> wrote:
> 3270 with SSL/TLS is implemented in System SSL - if you really need to
> know more I'd read up on that.
>
> Another PAGENT policy
3270 with SSL/TLS is implemented in System SSL - if you really need to know
more I'd read up on that.
Another PAGENT policy function IPSEC tunnels does have the option for ZIIP
assist so if you're running 3270 or other traffic within tunnels you may be
using ZIIP.
Mike Wawiorko
Jake Anderson asked:
>Is it possible to encrypt TN3270 connectivity using CPACF ?
And then later added:
>We got this feature along with our z14 so wanted to make use of this and am
>not sure if PAGENT traffic can be offloaded to zIIP
Just to be clear: CPACF is crypto in the chip (much
We got this feature along with our z14 so wanted to make use of this and am
not sure if PAGENT traffic can be offloaded to zIIP
On Tue, 29 Oct, 2019, 9:26 PM R.S., wrote:
> Michael,
> It's not so easy.
> You use encrypted communication. That's what you know.
> However you don't know what
Michael,
It's not so easy.
You use encrypted communication. That's what you know.
However you don't know what hardware is used for enciphering/deciphering
data.
I'm rather sure that it is NOT CryptoExpress card (let's omit
handshaking). Note, CPACF is not CryptoExpress. You can have CPACF and
Try this aging SHARE presentation from 2014. You'll probably find a more recent
one if you search the web or SHARE.
https://share.confex.com/share/123/webprogram/Handout/Session15660/SharePittsburgh15660_Aug2014_System_SSL_And_Crypto.pdf
Mike Wawiorko
I can’t say I’m 100% sure but highly suspect it does. We don’t have our
crypto express cards configured yet so I know it’s not using them.
On Tue, Oct 29, 2019 at 4:44 AM Jake Anderson
wrote:
> "We use Rocket’s Bluezone for our 3270 emulator and all 3270 traffic uses
> TLS 1.2 via IBM’s
"We use Rocket’s Bluezone for our 3270 emulator and all 3270 traffic uses
TLS 1.2 via IBM’s policy agent"
All its workload goes to CPACF ?
On Tue, 29 Oct, 2019, 1:42 PM Michael Babcock,
wrote:
> We use Rocket’s Bluezone for our 3270 emulator and all 3270 traffic uses
> TLS 1.2 via IBM’s
We use Rocket’s Bluezone for our 3270 emulator and all 3270 traffic uses
TLS 1.2 via IBM’s policy agent.
On Tue, Oct 29, 2019 at 4:03 AM Jake Anderson
wrote:
> Hi
>
> Is it possible to encrypt TN3270 connectivity using CPACF ?
>
> Just trying to understand its functionality and has anyone
Yes, if you use the policy agent (PAGENT).
ITschak
On Tue, Oct 29, 2019 at 11:03 AM Jake Anderson
wrote:
> Hi
>
> Is it possible to encrypt TN3270 connectivity using CPACF ?
>
> Just trying to understand its functionality and has anyone tried this
> functionality implemented for TN3270
] On Behalf
Of Carmen Vitullo
Sent: 08 February 2017 14:02
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CPACF DES/TDES enablement feature 3863 with no Co
Processors/Express Cards
Inquiring minds and all, keep us posted if you can about MFA on Z, we're using
MFA for Winders, and so far I'm not a fan
2017 7:55:29 AM
Subject: Re: CPACF DES/TDES enablement feature 3863 with no Co
Processors/Express Cards
Many thanks. I was overreading the install.
Onto Multi Factor Authentication!
Crispin Hugo
Systems Specialist
Macro 4 Limited
d: +44 1293 872121 | m: +44 7753951308 | t: +44 1293 872000
-MAIN@LISTSERV.UA.EDU] On Behalf
Of Mark Jacobs - Listserv
Sent: 08 February 2017 13:37
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CPACF DES/TDES enablement feature 3863 with no Co
Processors/Express Cards
There should be no differences in ICSF setup in a CPACF only environment. ICSF
will query
On 2017-02-08 at 14:11, Crispin Hugo wrote:
I have been tasked with setting up ICSF . We have CPACF DES/TDES enablement
feature 3863 with no Co Processors/Express Card on zBC12.
All the manuals I have read only seem to show configuration as you had Express
cards.
Anybody able to point me
There should be no differences in ICSF setup in a CPACF only
environment. ICSF will query the system at startup for available
hardware support. Anything that can't be done either by CPACF machine
instructions or via software emulation will fail. These failures mostly
relate to secure/protected
Peter is correct about checking the status from the SE. If you are running on
a z890/z990 or later, then the machine comes with the CPACF hardware. However,
you have to have FC #3863 installed to enable it. That's how we handle the
export restrictions on crypto technology. If you're from
Not that I know of.
Bit 0x40 of Byte 2 of the FLCFACL field of the PSA is documented in POP as
an indicator.
After that, you can use the KMC or KMD instructions to interrogate which
CPACF functions are available.
Kirk Wolf
Dovetailed Technologies
http://dovetail.com
On Thu, Aug 29, 2013 at
Yes.
Bit 17 of the result area of the STFLE (Store Facility List Extended)
instruction is set to one (1) when the Message Security Assist (i.e., CPACF) is
available.
In addition, bit 76 is set to one (1) when the Message Security Assist
Extension 3 is available, and bit 77 is set to one (1)
Hi,
Maybe not a command, but I noticed these messages when I start my TN3270
server w/SSL support. This is from a z9BC. I *think* this indicates CPACF is
installed and active.
System SSL: SHA-1 crypto assist is available
System SSL: SHA-224 crypto assist is available
On Thu, 29 Aug 2013 15:45:08 -0500, gsg gsg_...@yahoo.com wrote:
Sorry about that. I was told that you can check to see if CPACF is active
from the HMC console. I was asking where to find it. Does anyone know of any
other way?
Have a look at the CSFCCVT control block - described in SYS1.MODGEN.
Hope that helps...
Roger
..forgot to add: look at File 771 on the CBT Tape (www.cbttape.org) and the
ICSF Monitor.
Roger