Re: AT-TLS ? Very Basic Questions

2020-07-01 Thread Tom Brennan
ist [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Tom Brennan Sent: Tuesday, June 30, 2020 9:46 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Very Basic Questions Thanks KB... I think I got my basic question answered, which is that one thing AT-TLS was designed for is to encrypt data

Re: AT-TLS ? Very Basic Questions

2020-07-01 Thread Charles Mills
: Wednesday, July 1, 2020 6:43 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Very Basic Questions Some programs will soon no longer be able to do their own TLS encryption. https://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/0/877/ENUSZP19-0410/index.html_locale=en#sodx

Re: AT-TLS ? Very Basic Questions

2020-07-01 Thread Charles Mills
rles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Tom Brennan Sent: Tuesday, June 30, 2020 9:46 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Very Basic Questions Thanks KB... I think I got my basic question answered, whic

Re: AT-TLS ? Very Basic Questions

2020-07-01 Thread Mike Wawiorko
to secure FTP client traffic. Mike Wawiorko   -Original Message- From: IBM Mainframe Discussion List On Behalf Of Tom Brennan Sent: 01 July 2020 05:46 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Very Basic Questions This mail originated from outside our organisation - t

Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Tom Brennan
n List IBM-MAIN@LISTSERV.UA.EDU On Behalf Of kekronbekron Sent: Tuesday, June 30, 2020 2:34 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Hi LBD!, Check these out- http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416 http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIn

Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread kekronbekron
gt; > > "Worry more about your character than your reputation. Character is > > > > what you are, reputation merely what others think you are." - John > > > > Wooden > > > > -Original Message- > > > > From: IBM Mainframe Discussi

Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Tom Brennan
"Worry more about your character than your reputation. Character is what you are, reputation merely what others think you are." - John Wooden -Original Message- From: IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU On Behalf Of kekronbekron Sent: Tuesday, June 30, 2020 2:34

Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread kekronbekron
utation merely what others think you are." - John Wooden > > -Original Message- > > From: IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU On Behalf Of > > kekronbekron > > Sent: Tuesday, June 30, 2020 2:34 AM > > To: IBM-MAIN@LISTSERV.UA.EDU > >

Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Allan Staller
DU Subject: Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your Computer.] Thanks Allan.

Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Tom Brennan
Mainframe Discussion List On Behalf Of Tom Brennan Sent: Tuesday, June 30, 2020 12:19 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links or open a

Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Allan Staller
- From: IBM Mainframe Discussion List On Behalf Of Tom Brennan Sent: Tuesday, June 30, 2020 12:19 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links

Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Allan Staller
, 2020 12:10 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Very Basic Questions [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your

Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Steve Beaver
: Tuesday, June 30, 2020 11:58 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Very Basic Questions I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar last week, but I'm still missing what I imagine are important background points. Maybe someone here can explain things

Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Mike Hochee
-Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Paul Gilmartin Sent: Tuesday, June 30, 2020 1:34 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Very Basic Questions Caution! This message was sent from outside your organization

Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Don Poitras
In article you wrote: > I've tried to skim some of the AT-TLS doc, and even attended an IBM > webinar last week, but I'm still missing what I imagine are important > background points. Maybe someone here can explain things, but don't > worry too much about it. > Client and server programs

Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Jackson, Rob
On Behalf Of Jackson, Rob Sent: Tuesday, June 30, 2020 1:31 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [Originated Externally]Re: AT-TLS ? Very Basic Questions [External Email. Exercise caution when clicking links or opening attachments.] My turn to say interesting! I didn't look it up; just going

Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Paul Gilmartin
On Tue, 30 Jun 2020 09:57:48 -0700, Tom Brennan wrote: >... >Then if so, what happens on the FTP client side? I certainly can't use >the Windows FTP command, for example, because it's not setup for any >kind of encryption. That's kind of my big question here. > I believe that (sometimes)

Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Jackson, Rob
Of Lennie Dymoke-Bradshaw Sent: Tuesday, June 30, 2020 1:18 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Very Basic Questions [External Email. Exercise caution when clicking links or opening attachments.] I have TLS 1.2 working in my TN3270 server without AT-TLS. This is on z/OS 2.3 Lennie

Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Marshall Stone
30, 2020 1:19 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions Do you know if either of those require AT-TLS? When I installed and configured SSHD last (a couple of years ago) it did its own encryption. I never worked with anything called FTPS. On 6/30

Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Tom Brennan
: [EXTERNAL] Re: AT-TLS ? Very Basic Questions I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar last week, but I'm still missing what I imagine are important background points. Maybe someone here can explain things, but don't worry too much about it. Client

Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Lennie Dymoke-Bradshaw
, June 30, 2020 12:58 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Very Basic Questions [External Email. Exercise caution when clicking links or opening attachments.] I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar last week, but I'm still missing what I imagine

Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Tom Brennan
: Tuesday, June 30, 2020 12:58 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Very Basic Questions [External Email. Exercise caution when clicking links or opening attachments.] I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar last week, but I'm still missing what I

Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Marshall Stone
: Tuesday, June 30, 2020 12:58 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [EXTERNAL] Re: AT-TLS ? Very Basic Questions I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar last week, but I'm still missing what I imagine are important background points. Maybe someone here can

Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Jackson, Rob
in AT-TLS. First Horizon Bank Mainframe Technical Support -Original Message- From: IBM Mainframe Discussion List On Behalf Of Tom Brennan Sent: Tuesday, June 30, 2020 12:58 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Very Basic Questions [External Email. Exercise caution when

Re: AT-TLS ? Very Basic Questions

2020-06-30 Thread Tom Brennan
Tuesday, June 30, 2020 2:34 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Hi LBD!, Check these out- http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416 http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415 http://www-03.ibm.com/support/techdocs/atsmastr.n

Re: AT-TLS ?

2020-06-30 Thread Lionel B Dyck
st On Behalf Of kekronbekron Sent: Tuesday, June 30, 2020 2:34 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Hi LBD!, Check these out- http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416 http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415 http://www-03.ib

Re: AT-TLS ?

2020-06-30 Thread kekronbekron
Hi LBD!, Check these out- http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416 http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415 http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414 - KB ‐‐‐ Original Message ‐‐‐ On Monday, June 29,

Re: AT-TLS ?

2020-06-29 Thread Rob Schramm
Redbooks are both helpful and not. There was an old presentation on it (share) that I found really helpful and insightful. Do you have zosmf setup? If not it is possible to use the samples to set it up. On Sun, Jun 28, 2020, 18:26 Lionel B Dyck wrote: > Anyone have any pointers for

Re: AT-TLS ?

2020-06-29 Thread Roberto Halais
r character than your reputation. Character is what > you are, reputation merely what others think you are." - John Wooden > > -Original Message- > From: IBM Mainframe Discussion List On Behalf > Of > Mike Hochee > Sent: Sunday, June 28, 2020 7:08 PM > To: IBM-MAIN@LIS

Re: AT-TLS ?

2020-06-29 Thread Lionel B Dyck
haracter is what you are, reputation merely what others think you are." - John Wooden -Original Message- From: IBM Mainframe Discussion List On Behalf Of Wendell Lovewell Sent: Monday, June 29, 2020 8:38 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Lionel, what type of endp

Re: AT-TLS ?

2020-06-29 Thread Wendell Lovewell
Lionel, what type of endpoints are you wanting to use AT-TLS to secure? I might have some notes that would help. Here is some general information about diagnosing AT-TLS errors: If there is a problem making the connection, AT-TLS will display error on the console. Here are a few examples.

Re: AT-TLS ?

2020-06-29 Thread Steve Beaver
Well that does take digital certs and pagant. Now there are currently no vendors that support AT-ALS if you are looking for something like TPX or CL/SS the answer is no Sent from my iPhone I promise you I can’t type or Spell on any smartphone > On Jun 28, 2020, at 22:04, Gibney, Dave wrote:

Re: AT-TLS ?

2020-06-29 Thread Lionel B Dyck
-Original Message- From: IBM Mainframe Discussion List On Behalf Of Mike Hochee Sent: Sunday, June 28, 2020 7:08 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS ? Hi Lionel, I did this a few years back and utilized it for a product. Below are a few items from the product doc a

Re: AT-TLS ?

2020-06-28 Thread Wayne Bickerdike
The Redbook : http://www.redbooks.ibm.com/redbooks/pdfs/sg248041.pdf On Mon, Jun 29, 2020 at 3:30 PM Wayne Bickerdike wrote: > The IBM Redbook for RACF RRSF has most of the information needed to > configure AT-TLS. > > We're in the process of rolling out RRSF for RACF password sync. It's >

Re: AT-TLS ?

2020-06-28 Thread Wayne Bickerdike
The IBM Redbook for RACF RRSF has most of the information needed to configure AT-TLS. We're in the process of rolling out RRSF for RACF password sync. It's working between two of our plexes, I followed the book, used SYS1.SAMPLIB examples rather than attempting via zOSMF. On Mon, Jun 29, 2020 at

Re: AT-TLS ?

2020-06-28 Thread Itschak Mugzach
A simpler way is to write the protocol yourself. It requires zero configuration other than a set of certificates. Have a look at z/os web enablement toolkit (Http/https protocol enabler portion). Works great and fully supports Rexx. ITschak *| **Itschak Mugzach | Director | SecuriTeam Software

Re: AT-TLS ?

2020-06-28 Thread Gibney, Dave
The details in the documentation is a bit scattered. Including separate sections for FTPS and tn3270 > -Original Message- > From: IBM Mainframe Discussion List On > Behalf Of Lionel B Dyck > Sent: Sunday, June 28, 2020 3:26 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: AT-TLS ? > >

Re: AT-TLS ?

2020-06-28 Thread Mike Hochee
Hi Lionel, I did this a few years back and utilized it for a product. Below are a few items from the product doc and a few more that remain in accessible memory areas... - Read the relevant sections of Comm Server IP Configuration Ref, specifically in the chapter on Policy Agent (PA) and

Re: SSL/TLS MSU usage

2018-08-14 Thread Parwez Hamid
Mounif, I am unable to comment on any 'increase' of the CP utilization. CPACF has been around for a very long time. Both the systems you mention have the CPACF function. You will need a no charge feature (not available for embargoed countries) for microcode to enable CPACF. The other key point

Re: SSL/TLS MSU usage

2018-08-13 Thread Brian Westerman
The z13 (and I think b|ec12s) have CPACF built into each physical CPU, the older machines had CPACF but it was shared between multiple processors. There is some extra CPU involved when you don't have a cryptoexpress (CEX), but you have to remember that not everything is or can be offloaded to

Re: AT-TLS for HTTP

2018-07-05 Thread Rob Schramm
It is probably just my own FUD that is making me doubt it. Rob Schramm On Thu, Jul 5, 2018, 1:59 PM Mike Hochee wrote: > I have not used it for that specifically, but I don't see why not. The > policy based rules allow for job/task names and support wildcards, and you > might not even need

Re: AT-TLS for HTTP

2018-07-05 Thread Mike Hochee
I have not used it for that specifically, but I don't see why not. The policy based rules allow for job/task names and support wildcards, and you might not even need those if you can filter based on a unique port range. I've been impressed with AT-TLS, as it offers a lot of customization

Re: AT-TLS replace ICF processor ?

2017-05-02 Thread Charles Mills
I believe AT-TLS generally utilizes ICSF which in turn may utilize your crypto hardware. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of R.S. Sent: Tuesday, May 2, 2017 11:16 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re

Re: AT-TLS replace ICF processor ?

2017-05-02 Thread R.S.
W dniu 2017-04-25 o 18:42, Nathan Astle pisze: Hi Cross posted Not trying to.resolve anything. Recently had a discussion with a TCPIP/SNA person and he feels that most of the task offloaded to ICF processor can be handled by AT-TLS. I was not.able to make any sense out of it. Aren't ICF

Re: FTP TLS options

2017-04-11 Thread Lester, Bob
Frank, Good find! I'm saving this one! BobL -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Frank Swarbrick Sent: Tuesday, April 11, 2017 3:05 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: FTP TLS options [ EXTERNAL ] So one

Re: FTP TLS options

2017-04-11 Thread Frank Swarbrick
frank.swarbr...@outlook.com> Sent: Tuesday, April 11, 2017 9:24 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: FTP TLS options I'll pass that along to those in charge of such things. :-) Thanks. From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU>

Re: FTP TLS options

2017-04-11 Thread Frank Swarbrick
I'll pass that along to those in charge of such things. :-) Thanks. From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Tom Conley <pinnc...@rochester.rr.com> Sent: Monday, April 10, 2017 9:38 PM To: IBM-MAIN@LISTSERV.UA.EDU

Re: FTP TLS options

2017-04-11 Thread Frank Swarbrick
TLS level, but this appears to be what is occurring. From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Gibney, Dave <gib...@wsu.edu> Sent: Monday, April 10, 2017 8:03 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: FTP TLS options I a

Re: AT-TLS setup question

2017-04-11 Thread Tom Conley
On 4/11/2017 9:17 AM, Ernest Nachtigall wrote: I have two clients, one running SSLv3, the other AT-TLSv1.2 These are ATM machines in my test environment. The SSLv3 support uses a user module, the other is using AT-TLS already. I need to temporarily support the SSLv3 client to ease migration

Re: FTP TLS options

2017-04-10 Thread Tom Conley
On 4/10/2017 7:04 PM, Frank Swarbrick wrote: I'm guessing there's a bit more to it than that, yes? Such as actually configuring Policy Agent? Frank, Sorry, thought you already configured PAGENT, but missed the PROFILE member, like I did the first time I tried it. If you run z/OSMF, you

Re: FTP TLS options

2017-04-10 Thread Gibney, Dave
LISTSERV.UA.EDU > Subject: Re: FTP TLS options > > Yes. But policy agent is not actually that hard...But on zOS GT 1.13 you need > zOSMF as well. > > Rob Schramm > > On Mon, Apr 10, 2017, 7:05 PM Frank Swarbrick > <frank.swarbr...@outlook.com> > wrote: > &g

Re: FTP TLS options

2017-04-10 Thread Rob Schramm
Policy Agent? > > > From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf > of Tom Conley <pinnc...@rochester.rr.com> > Sent: Monday, April 10, 2017 3:46 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: FTP TLS options &g

Re: FTP TLS options

2017-04-10 Thread Frank Swarbrick
To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: FTP TLS options On 4/10/2017 3:15 PM, Frank Swarbrick wrote: > Hi Mike. > > I assume you mean: > TLSMECHANISM ATTLS > where the default (which we use) is > TLSMECHANISM FTP > > Unfortunately we don't currently have AT

Re: FTP TLS options

2017-04-10 Thread Tom Conley
On 4/10/2017 3:15 PM, Frank Swarbrick wrote: Hi Mike. I assume you mean: TLSMECHANISM ATTLS where the default (which we use) is TLSMECHANISM FTP Unfortunately we don't currently have AT-TLS set up. When I try to use it I get the following: AT-TLS not enabled on TCPCONFIG Does z/OS

Re: FTP TLS options

2017-04-10 Thread Frank Swarbrick
Sent: Monday, April 10, 2017 4:10 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: FTP TLS options Frank, You should change to AT-TLS SECURE_MECHANISM ATTLS That will get TLSv1.2 support but just as important will allow you to use newer cipher suites. Many of the older cipher suites supported by th

Re: FTP TLS options

2017-04-10 Thread Mike Wawiorko
@LISTSERV.UA.EDU Subject: Re: FTP TLS options Does z/OS 2.2 support TLS v1.2 for FTP clients without the use of AT-TLS? This new server we have is (currently) configured to support only TLS v1.2, and nothing earlier. We're trying to get approval to "back down" to TLS v1.0, but I figur

Re: FTP TLS options

2017-04-07 Thread Frank Swarbrick
Does z/OS 2.2 support TLS v1.2 for FTP clients without the use of AT-TLS? This new server we have is (currently) configured to support only TLS v1.2, and nothing earlier. We're trying to get approval to "back down" to TLS v1.0, but I figured I'd ask this anyway. Frank

Re: AT-TLS config help

2015-06-11 Thread Scott Ford
Andrew: I know I missed something..so I appreciate the help SyslogD: //* //CONFPDS EXEC PGM=SYSLOGD,REGION=30M,TIME=NOLIMIT, //PARM='POSIX(ON) ALL31(ON)/' Comments //SYSPRINT DD SYSOUT=* //SYSINDD DUMMY

Re: AT-TLS config help

2015-06-11 Thread Andrew Armstrong
If Pioneer is the server then I think you should code HandShakeRole Server. As for tracing, how have you configured your syslogd? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to

Re: AT-TLS config help

2015-06-10 Thread Donald J.
after the Trace 15, add something like this: { SyslogFacility auth } -- Donald J. dona...@4email.net On Wed, Jun 10, 2015, at 12:16 PM, Scott Ford wrote: Guys/Gals: We have a Cobol CICS Sockets STC

Re: AT-TLS question , issue

2015-05-15 Thread Scott Ford
Rob, Sorry for the late reply. The mismatch of ciphers was ADCD, this version of z/OS appears to give the customer a subset of ciphers. I am in the process of contacting IBM to find out more information. We have it working on the supplied ciphers. My concern of course is what the customer is

Re: AT-TLS question , issue

2015-05-14 Thread Donald J.
Correction: This is the server supported cipher list Set GSK_V3_CIPHER_SPECS_EXPANDED(214) - C02FC030009E009F009C009D002F0035000A Client ciphers are in the client hello. 2nd packet in ATTLS trace below: (002F 0035 0005 etc) RECV CIPHER 160301005F

Re: AT-TLS question , issue

2015-05-14 Thread Donald J.
If you use trace level: Trace 127 you will get debugging info on ciphers and other things. Cipher list presented by client: CONNID: DA17 RC:0 Set GSK_V3_CIPHER_SPECS_EXPANDED(214) - C02FC030009E009F009C009D002F0035000A Cipher chosen by server: CONNID: DA17 RC:0 Get

Re: AT-TLS question , issue

2015-05-14 Thread Rob Schramm
Diagnosis Guide with a direct hit http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hald001/atprble.htm q0 - did you copy one of the GUI samples for the AT-TLS setup or build it from scratch? q1 - what ciphers did you select in Config Assistant or z/OSMF when you setup

Re: AT-TLS question , issue

2015-05-14 Thread Mike Wawiorko
http://www-01.ibm.com/support/knowledgecenter/api/content/nl/en-us/SSLTBW_1.13.0/com.ibm.zos.r13.hald001/comtls.htm AT-TLS return codes z/OS Communications Server: IP Diagnosis Guide GC31-8782-13 402 Connection Init A SSL cipher suite could not be agreed upon between the client and server.

Re: AT-TLS question , issue

2015-05-13 Thread Gilson, Lynn
Scott, I was looking at this document a little while ago: IBM z/OS V1R13 CS TCP/IP Implementation: Volume 4 Security and Policy-Based Networking on Chapter 16 'Telnet Security' it has some good information on this. Page 680 has a Table 16-1 that details the order of the ciphers. I think you

AW: Re: AT-TLS question

2014-05-03 Thread Peter Hunkeler
Yes, it does the encryption (and more important - the negotiation) without the z/OS application having to be aware, though the app can be if it wants to. [snip] Trying to summarize what I understand so far. An SSL capable application does all the handshake and en/decryption stuff by itself.

Re: AW: Re: AT-TLS question

2014-05-03 Thread Jim McAlpine
Yes, that's basically it as I now understand. We currently have it configured for CICS sockets but now also want to configure it where z/OS is the client and Websphere on windows is the SSL client. See below for SHARE presentation. https://share.confex.com/share/120/webprogram/Session12775.html

Re: AW: Re: AT-TLS question

2014-05-03 Thread Jim McAlpine
That should have said SSL server and not SSL client obviously. Jim Mc. On 3 May 2014 10:28, Jim McAlpine jim.mcalp...@gmail.com wrote: Yes, that's basically it as I now understand. We currently have it configured for CICS sockets but now also want to configure it where z/OS is the client and

AW: Re: AT-TLS question

2014-05-02 Thread Peter Hunkeler
mixing up things? -- Peter Hunkeler Von: Tony Harminc t...@harminc.net An: IBM-MAIN@LISTSERV.UA.EDU Betreff: Re: AT-TLS question Datum: 01.05.14 19:38 On 1 May 2014 07:48, Jim McAlpine jim.mcalp...@gmail.com wrote: We have the need to encrypt messages sent from z/OS

Re: AT-TLS question

2014-05-02 Thread Jim McAlpine
Are you saying that the certificate dance is not required in this scenario ? Jim Mc. On Thu, May 1, 2014 at 6:38 PM, Tony Harminc t...@harminc.net wrote: On 1 May 2014 07:48, Jim McAlpine jim.mcalp...@gmail.com wrote: We have the need to encrypt messages sent from z/OS on a particular port

Re: AT-TLS question

2014-05-02 Thread Tony Harminc
On 2 May 2014 03:40, Peter Hunkeler p...@gmx.ch wrote: Yes - this is probably the classic use case for AT-TLS. Wouldn't this only encrypt the path from ip to ip. ip would decrypt and send plain text to WebSphere? I understand application transparent to say that the traffic is enctrypted on

Re: AT-TLS question

2014-05-01 Thread Staller, Allan
AT-TLS(application transparent transport layer security) is a transport layer protocol. It encrypts data sent over the link. HTTPS is an application level protocol. The date is encrypted prior to being sent over the link. Using HTTPS with AT-TLS is encrypting the data twice. Once by the

Re: AT-TLS question

2014-05-01 Thread Mike Wawiorko
@LISTSERV.UA.EDU Subject: Re: AT-TLS question AT-TLS(application transparent transport layer security) is a transport layer protocol. It encrypts data sent over the link. HTTPS is an application level protocol. The date is encrypted prior to being sent over the link. Using HTTPS with AT-TLS

Re: AT-TLS question

2014-05-01 Thread Tony Harminc
On 1 May 2014 07:48, Jim McAlpine jim.mcalp...@gmail.com wrote: We have the need to encrypt messages sent from z/OS on a particular port to an application running under Webshere on Windows. The outgoing messages are HTTP protocol and they would need to be converted to the HTTPS that Websphere