Re: More SSL/TLS and FTP woes

I have to ask: why you care? You can control FTP's behavior in FTPSDATA
and FTPCDATA respectively.

I also am curious about your reference to 'implicit' secure FTP. FTP
negotiates the session security starting from in the clear to the
maximum supported by both sites. You can set a floor above in the clear
if you want.

Lastly, using a specific port for much of anything but an initial
handshake is not something I think you'd want to do except on PC's.
Since the resultant port pair for FTP is going to be random, why do we
care where it starts?

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@xxxxxxxxxxx] On
Behalf Of Chase, John
Sent: Wednesday, October 17, 2007 9:03 AM
To: IBM-MAIN@xxxxxxxxxxx
Subject: More SSL/TLS and FTP woes

Hi, All,

I couldn't find anything relevant to the "problem du jour" in the
archives or the CS for z/OS 1.7 TCPIP Implementation Volume 2 Redbook,

I'm able to employ SSL/TLS for FTP using the Bluezone FTP client, but
only if I configure it to use port 21 and "AUTH_TLS". I cannot get it
working via "implicit" secure FTP using port 990; the z/OS 1.7 FTPD
replies "connection refused". AFAICT, I have "all the ducks lined up in
a row", with one possible exception: I don't explicitly "reserve" port
990 (and 989?) in the PORT configuration statement of PROFILE.TCPIP.
The IP Configuration Reference manual "suggests" it's not necessary to
do so.

Might this be the "missing link" after all? Do I need to (additionally)
explicitly specify the statements in FTP.DATA that the manual says are
defaults for TLS_PORT, etc.?



NOTICE: This electronic mail message and any files transmitted with it are intended
exclusively for the individual or entity to which it is addressed. The message,
together with any attachment, may contain confidential and/or privileged information.
Any unauthorized review, use, printing, saving, copying, disclosure or distribution
is strictly prohibited. If you have received this message in error, please
immediately advise the sender by reply email and delete all copies.

For IBM-MAIN subscribe / signoff / archive access instructions,
send email to listserv@xxxxxxxxxxx with the message: GET IBM-MAIN INFO
Search the archives at