Re: AT-TLS config help

2015-06-11 Thread Scott Ford
Andrew:

I know I missed something, so I appreciate the help.

SyslogD:

//*
//CONFPDS EXEC PGM=SYSLOGD,REGION=30M,TIME=NOLIMIT,
//         PARM='POSIX(ON) ALL31(ON)/'
Comments

//SYSPRINT DD SYSOUT=*
//SYSIN    DD DUMMY
//SYSERR   DD SYSOUT=*
//SYSOUT   DD SYSOUT=*
//CEEDUMP  DD SYSOUT=*

 EDIT   /ADCD113S/etc/syslog.conf

 *.* /tmp/syslogd.log
 daemon.debug  /tmp/daemon.trace



 Pagent:

//PAGENT   PROC
//*
comments.
//STDENV   DD PATH='/etc/pagent.env',PATHOPTS=(ORDONLY)
//SYSPRINT DD SYSOUT=*
//SYSOUT   DD SYSOUT=*


 PAGENT_CONFIG_FILE=/etc/pagent.conf
 PAGENT_LOG_FILE=/etc/pagent.log
 PAGENT_LOG_CONTROL=3000,2
 TZ=EST5EDTC


 EDIT   /ADCD113S/etc/pagent.conf

 TTLSConfig /etc/pagent.ttls.conf FLUSH
 LogLevel 511



Regards,
Scott

On Thu, Jun 11, 2015 at 9:08 AM, Andrew Armstrong 
androidarmstr...@gmail.com wrote:

 If Pioneer is the server then I think you should code HandShakeRole
 Server.

 As for tracing, how have you configured your syslogd?

 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN




Re: AT-TLS config help

2015-06-11 Thread Andrew Armstrong
If Pioneer is the server then I think you should code HandShakeRole
  Server.

As for tracing, how have you configured your syslogd?

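
Andrew's HandShakeRole point as a check, added here as an example (not code from the thread or from IBM): a small Python lint that reads a policy laid out one statement per line, as in the original post, and flags an Inbound rule whose effective HandShakeRole is Client, plus SSLv2/SSLv3 left On. The function names, the trimmed sample policy and the rule that a connection action overrides its environment action are assumptions of this example.

```python
# Constructed sample: the policy from the original post, trimmed to what the check reads.
POLICY = """
TTLSRule PioneerServer
{
 Direction Inbound
 TTLSEnvironmentActionRef PionEnvAct
 TTLSConnectionActionRef  PionConn
}
TTLSEnvironmentAction PionEnvAct
{
 HandShakeRole Client
}
TTLSConnectionAction PionConn
{
 TTLSConnectionAdvancedParms
 {
  SSLv3 On   # as posted
 }
}
"""

def parse_policy(text):
    """Map (statement type, name) -> {keyword: value}; nested blocks are flattened."""
    blocks, depth, header = {}, 0, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop trailing '#' comments
        if words == ["{"]:
            depth += 1
        elif words == ["}"]:
            depth -= 1
        elif words and depth == 0:             # statement header, e.g. TTLSRule <name>
            header = (words[0].lower(), words[-1])
            blocks[header] = {}
        elif words:                            # keyword/value inside the current statement
            blocks[header][words[0].lower()] = " ".join(words[1:])
    return blocks

def lint(blocks):
    """Hypothetical checks: Inbound rule with client role, SSLv2/SSLv3 enabled."""
    findings = []
    for name, rule in ((k[1], v) for k, v in blocks.items() if k[0] == "ttlsrule"):
        env = blocks.get(("ttlsenvironmentaction", rule.get("ttlsenvironmentactionref")), {})
        conn = blocks.get(("ttlsconnectionaction", rule.get("ttlsconnectionactionref")), {})
        merged = {**env, **conn}  # assumption: connection action overrides environment action
        if rule.get("direction", "").lower() == "inbound" and merged.get("handshakerole", "").lower() == "client":
            findings.append(f"{name}: Direction Inbound with HandShakeRole Client")
        findings += [f"{name}: {p} On" for p in ("SSLv2", "SSLv3") if merged.get(p.lower(), "").lower() == "on"]
    return findings

if __name__ == "__main__":
    print("\n".join(lint(parse_policy(POLICY))))
```
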


AT-TLS config help

2015-06-10 Thread Scott Ford
Guys/Gals:

We have a Cobol CICS Sockets STC Server with a Java client.
The Java client will send in requests and receive output from the Socket
Server.
We are on z/OS 1.13; below is my ‘pagent.ttls.conf’:

TTLSRule PioneerServer
{
 LocalPortRange 5799
 JobName PIONEER
 Direction Inbound
 Priority 1
 TTLSGroupActionRef PionGrpAct
 TTLSEnvironmentActionRef PionEnvAct
 TTLSConnectionActionRef  PionConn
}
TTLSGroupAction PionGrpAct
{
 TTLSEnabled On
 FIPS140 Off
 Trace 15  # Log Errors to syslogd * IP joblog
}
TTLSEnvironmentAction PionEnvAct
{
 HandShakeRole  Client
 TTLSKeyRingParmsRef PionRing
}
TTLSKeyRingParms PionRing
{
  Keyring  pionring
}
TTLSConnectionAction PionConn
{
 TTLSConnectionAdvancedParms
 {
   SSLv2 Off
   SSLv3 On
   TLSv1 On
 }
}

I have SYSLOGD configured, but I am not seeing trace output.
Can someone offer some help?

The Java partner supports:

CS 0 is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
CS 1 is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
CS 2 is TLS_RSA_WITH_AES_128_CBC_SHA
CS 3 is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
CS 4 is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
CS 5 is TLS_DHE_RSA_WITH_AES_128_CBC_SHA
CS 6 is TLS_DHE_DSS_WITH_AES_128_CBC_SHA
CS 7 is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
CS 8 is TLS_ECDHE_RSA_WITH_RC4_128_SHA
CS 9 is SSL_RSA_WITH_RC4_128_SHA
CS 10 is TLS_ECDH_ECDSA_WITH_RC4_128_SHA
CS 11 is TLS_ECDH_RSA_WITH_RC4_128_SHA
CS 12 is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
CS 13 is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
CS 14 is SSL_RSA_WITH_3DES_EDE_CBC_SHA
CS 15 is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
CS 16 is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
CS 17 is SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
CS 18 is SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
CS 19 is SSL_RSA_WITH_RC4_128_MD5
CS 20 is TLS_EMPTY_RENEGOTIATION_INFO_SCSV
CS 21 is SSL_RSA_WITH_DES_CBC_SHA
CS 22 is SSL_RSA_EXPORT_WITH_RC4_40_MD5
CS 23 is SSL_RSA_WITH_NULL_SHA
CS 24 is SSL_RSA_WITH_NULL_MD5
CS 25 is TLS_RSA_WITH_NULL_SHA256


Regards,
Scott



Re: AT-TLS config help

2015-06-10 Thread Donald J.
After the Trace 15, add something like this:
{
   SyslogFacility   auth
}

-- 
  Donald J.
  dona...@4email.net

On Wed, Jun 10, 2015, at 12:16 PM, Scott Ford wrote:
 Guys/Gals:
 
 We have a Cobol CICS Sockets STC Server with a Java client.
 The Java client will send in requests and receive output from the Socket
 Server.
 We are on z/OS 1.13; below is my ‘pagent.ttls.conf’:
 
 TTLSRule PioneerServer
 {
  LocalPortRange 5799
  JobName PIONEER
  Direction Inbound
  Priority 1
  TTLSGroupActionRef PionGrpAct
  TTLSEnvironmentActionRef PionEnvAct
  TTLSConnectionActionRef  PionConn
 }
 TTLSGroupAction PionGrpAct
 {
  TTLSEnabled On
  FIPS140 Off
  Trace 15  # Log Errors to syslogd * IP joblog
 }
 TTLSEnvironmentAction PionEnvAct
 {
  HandShakeRole  Client
  TTLSKeyRingParmsRef PionRing
 }
 TTLSKeyRingParms PionRing
 {
   Keyring  pionring
 }
 TTLSConnectionAction PionConn
 {
  TTLSConnectionAdvancedParms
  {
    SSLv2 Off
    SSLv3 On
    TLSv1 On
  }
 }
 
 I have SYSLOGD configured, but I am not seeing trace output.
 Can someone offer some help?
 
 

