Re: AT-TLS config help
Andrew: I know I missed something..so I appreciate the help SyslogD: //* //CONFPDS EXEC PGM=SYSLOGD,REGION=30M,TIME=NOLIMIT, //PARM='POSIX(ON) ALL31(ON)/' Comments //SYSPRINT DD SYSOUT=* //SYSINDD DUMMY //SYSERR DD SYSOUT=* //SYSOUT DD SYSOUT=* //CEEDUMP DD SYSOUT=* EDIT /ADCD113S/etc/syslog.conf Columns 1 00072 ** * Top of Data ** 01 *.* /tmp/syslogd.log 02 daemon.debug /tmp/daemon.trace ** Bottom of Data Pagent: //PAGENT PROC //* comments. //STDENV DD PATH='/etc/pagent.env',PATHOPTS=(ORDONLY) //SYSPRINT DD SYSOUT=* //SYSOUT DD SYSOUT=* ** * Top of Data ** 01 PAGENT_CONFIG_FILE=/etc/pagent.conf 02 PAGENT_LOG_FILE=/etc/pagent.log 03 PAGENT_LOG_CONTROL=3000,2 04 TZ=EST5EDTC ** Bottom of Data EDIT /ADCD113S/etc/pagent.conf Columns 1 00072 ** * Top of Data ** 01 TTLSConfig /etc/pagent.ttls.conf FLUSH 02 LogLevel 511 ** Bottom of Data Regards, Scott On Thu, Jun 11, 2015 at 9:08 AM, Andrew Armstrong androidarmstr...@gmail.com wrote: If Pioneer is the server then I think you should code HandShakeRole Server. As for tracing, how have you configured your syslogd? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: AT-TLS config help
If Pioneer is the server then I think you should code HandShakeRole Server. As for tracing, how have you configured your syslogd? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
AT-TLS config help
Guys/Gals: We have a Cobol CICS Sockets STC Server with a Java client. The Java client will send in requests and receive output from the Socket Server. We are on z/OS 1.13 ,,below is my ‘pagent.ttls.conf’ TTLSRule PioneerServer { LocalPortRange 5799 JobName PIONEER Direction Inbound Priority 1 TTLSGroupActionRef PionGrpAct TTLSEnvironmentActionRef PionEnvAct TTLSConnectionActionRef PionConn } TTLSGroupAction PionGrpAct { TTLSEnabled On FIPS140 Off Trace 15 # Log Errors to syslogd * IP joblog } TTLSEnvironmentActionPionEnvAct { HandShakeRole Client TTLSKeyRingParmsRefPionRing } TTLSKeyRingParmsPionRing { Keyring pionring } TTLSConnectionActionPionConn { TTLSConnectionAdvancedParms { SSLv2 Off SSLv3 On TLSv1 On } } I have SYSLOGD configured ..but I am not seeing trace output .. Can someone offer some help. The Java partner supports: CS 0 is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA CS 1 is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA CS 2 is TLS_RSA_WITH_AES_128_CBC_SHA CS 3 is TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA CS 4 is TLS_ECDH_RSA_WITH_AES_128_CBC_SHA CS 5 is TLS_DHE_RSA_WITH_AES_128_CBC_SHA CS 6 is TLS_DHE_DSS_WITH_AES_128_CBC_SHA CS 7 is TLS_ECDHE_ECDSA_WITH_RC4_128_SHA CS 8 is TLS_ECDHE_RSA_WITH_RC4_128_SHA CS 9 is SSL_RSA_WITH_RC4_128_SHA CS 10 is TLS_ECDH_ECDSA_WITH_RC4_128_SHA CS 11 is TLS_ECDH_RSA_WITH_RC4_128_SHA CS 12 is TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA CS 13 is TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA CS 14 is SSL_RSA_WITH_3DES_EDE_CBC_SHA CS 15 is TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA CS 16 is TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA CS 17 is SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA CS 18 is SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA CS 19 is SSL_RSA_WITH_RC4_128_MD5 CS 20 is TLS_EMPTY_RENEGOTIATION_INFO_SCSV CS 21 is SSL_RSA_WITH_DES_CBC_SHA CS 22 is SSL_RSA_EXPORT_WITH_RC4_40_MD5 CS 23 is SSL_RSA_WITH_NULL_SHA CS 24 is SSL_RSA_WITH_NULL_MD5 CS 25 is TLS_RSA_WITH_NULL_SHA256 Regards, Scott -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: AT-TLS config help
after the Trace 15, add something like this: { SyslogFacility auth } -- Donald J. dona...@4email.net On Wed, Jun 10, 2015, at 12:16 PM, Scott Ford wrote: Guys/Gals: We have a Cobol CICS Sockets STC Server with a Java client. The Java client will send in requests and receive output from the Socket Server. We are on z/OS 1.13 ,,below is my ‘pagent.ttls.conf’ TTLSRule PioneerServer { LocalPortRange 5799 JobName PIONEER Direction Inbound Priority 1 TTLSGroupActionRef PionGrpAct TTLSEnvironmentActionRef PionEnvAct TTLSConnectionActionRef PionConn } TTLSGroupAction PionGrpAct { TTLSEnabled On FIPS140 Off Trace 15 # Log Errors to syslogd * IP joblog } TTLSEnvironmentActionPionEnvAct { HandShakeRole Client TTLSKeyRingParmsRefPionRing } TTLSKeyRingParmsPionRing { Keyring pionring } TTLSConnectionActionPionConn { TTLSConnectionAdvancedParms { SSLv2 Off SSLv3 On TLSv1 On } } I have SYSLOGD configured ..but I am not seeing trace output .. Can someone offer some help. -- http://www.fastmail.com - Faster than the air-speed velocity of an unladen european swallow -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN