FWIW what you show is in conflict with what Paul Gorlinsky wrote: that IBM did not support FTPS.
(I'm not trying to pick a fight. I have reasons for wanting to get FTPS to work.) I see that you are using AT-TLS and that is goodness of course but it should not make a huge difference bottom line. I wonder why mine is failing. At least I know the problem is not V2R5. That's a help. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Ed Jaffe Sent: Monday, February 27, 2023 10:38 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Can you connect to the PTF download site with z/OS FTP? On 2/27/2023 9:32 AM, Charles Mills wrote: > > Starting I think with V2R5 you need AT-TLS for the FTP server, and for TLS > 1.3 (only) on the client. Don't know about TLS 1.3 (we don't use that yet), but it clearly still supports TLS 1.2. See below: EZA1450I IBM FTP CS V2R5 EZA1466I FTP: using TCPIP EZA1456I Connect to ? EZA1736I public.dhe.ibm.com EZYFT18I Using catalog '/usr/lib/nls/msg/C/ftpdmsg.cat' for FTP messages. EZA1554I Connecting to: public.southdata.ibm.com 170.225.126.18 port: 21. 220-********************************************************************** * * * IBM's internal systems must only be used for conducting IBM's * * business or for purposes authorized by IBM management. * * * * Use is subject to audit at any time by IBM management. * * * * Important Please read * * * * Machine Code updates provided through this site are available * * only for IBM machines that are under warranty or an IBM hardware * * maintenance service agreement Code for operating systems or other * * software products is available only where entitled under the * * applicable software warranty or IBM software maintenance * * agreement. All code (including Machine Code updates, samples, * * fixes or other software downloads)provided through this site * * is subject to the terms of the license agreements which * * govern the use of the associated code. Some exceptions may * * apply.IBM reserves the right to change, modify or withdraw its * * offerings,policies and practices at any time. * ********************************************************************** 220 ProFTPD Server (proftpd) [170.225.126.18] FC0296 ftpAuth: security values: mech=TLS, tlsmech=ATTLS, tlsreuse=N, sFTP=A, sCC=C, sDC=P FC2975 ftpAuthAttls: AT-TLS policy set as application controlled. FU2420 TTLSRule: PSI_FTP-Client~1 FU2426 TTLSGroupAction: gAct1 FU2432 TTLSEnvironmentAction: eAct1~FTP_Clients FU2439 TTLSConnectionACtion: cAct1~FTP_Clients EZA1701I >>> AUTH TLS 234 AUTH TLS successful FC3144 authServerAttls: Start Handshake FC3175 authServerAttls: FIPS140 not enabled FC3212 authServerAttls: Using TLSv1.2 protocol FC3230 authServerAttls: SSL cipher: 002F FU2135 getCtrlConnCertAttls: Request certificate, size 1751 FU2755 getSessionIdAttls: Issuing SIOCTTLSCTL to get decoded AT-TLS Session ID EZA2895I Authentication negotiation succeeded ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
