We have been using plain old FTP to IBM (downloading enhanced hold data) for quite a while now and in the last week or so, we had to convert to using FTPS (TLS 1.2). So to me, it appears IBM made a change and now requires a secure connection. Yes, I know we can use SMPE RECEIVE ORDER, and we do but we had a STEP in one of our jobs that used the old way.
On Mon, Feb 27, 2023 at 6:24 PM Charles Mills <charl...@mcn.org> wrote: > FWIW what you show is in conflict with what Paul Gorlinsky wrote: that IBM > did not support FTPS. > > (I'm not trying to pick a fight. I have reasons for wanting to get FTPS to > work.) > > I see that you are using AT-TLS and that is goodness of course but it > should not make a huge difference bottom line. I wonder why mine is failing. > > At least I know the problem is not V2R5. That's a help. > > Charles > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Ed Jaffe > Sent: Monday, February 27, 2023 10:38 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Can you connect to the PTF download site with z/OS FTP? > > On 2/27/2023 9:32 AM, Charles Mills wrote: > > > > Starting I think with V2R5 you need AT-TLS for the FTP server, and for > TLS 1.3 (only) on the client. > > Don't know about TLS 1.3 (we don't use that yet), but it clearly still > supports TLS 1.2. See below: > > EZA1450I IBM FTP CS V2R5 > EZA1466I FTP: using TCPIP > EZA1456I Connect to ? > EZA1736I public.dhe.ibm.com > EZYFT18I Using catalog '/usr/lib/nls/msg/C/ftpdmsg.cat' for FTP messages. > EZA1554I Connecting to: public.southdata.ibm.com 170.225.126.18 port: 21. > 220-********************************************************************** > * * > * IBM's internal systems must only be used for conducting IBM's * > * business or for purposes authorized by IBM management. * > * * > * Use is subject to audit at any time by IBM management. * > * * > * Important Please read * > * * > * Machine Code updates provided through this site are available * > * only for IBM machines that are under warranty or an IBM hardware * > * maintenance service agreement Code for operating systems or other * > * software products is available only where entitled under the * > * applicable software warranty or IBM software maintenance * > * agreement. All code (including Machine Code updates, samples, * > * fixes or other software downloads)provided through this site * > * is subject to the terms of the license agreements which * > * govern the use of the associated code. Some exceptions may * > * apply.IBM reserves the right to change, modify or withdraw its * > * offerings,policies and practices at any time. * > ********************************************************************** > 220 ProFTPD Server (proftpd) [170.225.126.18] > FC0296 ftpAuth: security values: mech=TLS, tlsmech=ATTLS, tlsreuse=N, > sFTP=A, sCC=C, sDC=P > FC2975 ftpAuthAttls: AT-TLS policy set as application controlled. > FU2420 TTLSRule: PSI_FTP-Client~1 > FU2426 TTLSGroupAction: gAct1 > FU2432 TTLSEnvironmentAction: eAct1~FTP_Clients > FU2439 TTLSConnectionACtion: cAct1~FTP_Clients EZA1701I >>> AUTH TLS > 234 AUTH TLS successful > FC3144 authServerAttls: Start Handshake > FC3175 authServerAttls: FIPS140 not enabled > FC3212 authServerAttls: Using TLSv1.2 protocol > FC3230 authServerAttls: SSL cipher: 002F > FU2135 getCtrlConnCertAttls: Request certificate, size 1751 > FU2755 getSessionIdAttls: Issuing SIOCTTLSCTL to get decoded AT-TLS > Session ID EZA2895I Authentication negotiation succeeded > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- Michael Babcock OneMain Financial z/OS Systems Programmer, Lead ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
