there is a relatively new red piece on how to configure TLS with
tn3270: IBM z/OS IBM Personal Communications TTLS Enablement at
http://www.redbooks.ibm.com/redpapers/pdfs/redp5538.pdf
ITschak
On Sat, Nov 9, 2019 at 4:08 AM Greg Boyd
wrote:
> System SSL (aka TLS) will work without ICSF being
System SSL (aka TLS) will work without ICSF being active and without CEX cards
being available. You may not like the performance and some functions (i.e.
specifically ECC) may not work. Elliptic Curve (ECC) requires that CEX cards
are available and ICSF is active, to drive those operations to
> Do we need ICSF to be running while implementing ATTLS ?
I ran AT-TLS on a 2.1 RDT system *without* ICSF without a problem. And it was
for more than just TN3270 traffic at TLS 1.2. I haven't tried at a higher z/OS
level, but I don't think you need ICSF.
Regards, Barbara
.edu/~smetz3
From: IBM Mainframe Discussion List on behalf of
R.S.
Sent: Thursday, November 7, 2019 12:35 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CPACF for TN3270 encryption
IMHO the problem is with using file utilities for datasets.
File - understo
IMHO the problem is with using file utilities for datasets.
File - understood as MS-DOS, unix or Windows file - it is just (ordered)
set of bytes. No internal structure like blocks or records. File formats
like XLS, TXT, DOC are interpretation of some applications, it is not
visible
Dataset -
On 11/7/2019 9:49 AM, Jake Anderson wrote:
Do we need ICSF to be running while implementing ATTLS ?
Jake,
Yes.
Regards,
Tom Conley
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to
Do we need ICSF to be running while implementing ATTLS ?
On Wed, 30 Oct, 2019, 2:22 PM Mike Wawiorko, <
014ab5cdfb21-dmarc-requ...@listserv.ua.edu> wrote:
> 3270 with SSL/TLS is implemented in System SSL - if you really need to
> know more I'd read up on that.
>
> Another PAGENT policy
3270 with SSL/TLS is implemented in System SSL - if you really need to know
more I'd read up on that.
Another PAGENT policy function IPSEC tunnels does have the option for ZIIP
assist so if you're running 3270 or other traffic within tunnels you may be
using ZIIP.
Mike Wawiorko
This e-mail
Jake Anderson asked:
>Is it possible to encrypt TN3270 connectivity using CPACF ?
And then later added:
>We got this feature along with our z14 so wanted to make use of this and am
>not sure if PAGENT traffic can be offloaded to zIIP
Just to be clear: CPACF is crypto in the chip (much
We got this feature along with our z14 so wanted to make use of this and am
not sure if PAGENT traffic can be offloaded to zIIP
On Tue, 29 Oct, 2019, 9:26 PM R.S., wrote:
> Michael,
> It's not so easy.
> You use encrypted communication. That's what you know.
> However you don't know what
Michael,
It's not so easy.
You use encrypted communication. That's what you know.
However you don't know what hardware is used for enciphering/deciphering
data.
I'm rather sure that it is NOT CryptoExpress card (let's omit
handshaking). Note, CPACF is not CryptoExpress. You can have CPACF and
Try this aging SHARE presentation from 2014. You'll probably find a more recent
one if your search the web or SHARE.
https://share.confex.com/share/123/webprogram/Handout/Session15660/SharePittsburgh15660_Aug2014_System_SSL_And_Crypto.pdf
Mike Wawiorko
This e-mail and any attachments are
I can’t say I’m 100% sure but highly suspect it does. We don’t have our
crypto express cards configured yet so I know it’s not using them.
On Tue, Oct 29, 2019 at 4:44 AM Jake Anderson
wrote:
> "We use Rockets’s Bluezone for our 3270 emulator and all 3270 traffic uses
> TLS 1.2 via IBM’s
"We use Rockets’s Bluezone for our 3270 emulator and all 3270 traffic uses
TLS 1.2 via IBM’s policy agent"
All its workload goes to CPACF ?
On Tue, 29 Oct, 2019, 1:42 PM Michael Babcock,
wrote:
> We use Rockets’s Bluezone for our 3270 emulator and all 3270 traffic uses
> TLS 1.2 via IBM’s
We use Rockets’s Bluezone for our 3270 emulator and all 3270 traffic uses
TLS 1.2 via IBM’s policy agent.
On Tue, Oct 29, 2019 at 4:03 AM Jake Anderson
wrote:
> Hi
>
> Is it possible to encrypt TN3270 connectivity using CPACF ?
>
> Just trying to understand its functionality and has anyone
Yes, if you use the policy agent (PAGENT).
ITschak
On Tue, Oct 29, 2019 at 11:03 AM Jake Anderson
wrote:
> Hi
>
> Is it possible to encrypt TN3270 connectivity using CPACF ?
>
> Just trying to understand its functionality and has anyone tried this
> functionality implementated for TN3270
16 matches
Mail list logo