The client usually sends up a list of acceptable cipher specs, and the
server picks one. Perhaps you need to change the client to add more.
For example from my definitions
TTLSCipherParms AZFCipherParms
{
V3CipherSuites TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
V3CipherSuites TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
V3CipherSuites TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
V3CipherSuites TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
V3CipherSuites TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
V3CipherSuites TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
V3CipherSuites TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# TLSv1.3
# V3CipherSuites TLS_CHACHA20_POLY1305_SHA256
# TLSv1.2
## 2024 Nov 30 comment these out
# V3CipherSuites4Char TLS_CHACHA20_POLY1305_SHA256
# V3CipherSuites4Char TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
# V3CipherSuites4Char TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
# V3CipherSuites4Char TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 C02
}
On Sat, 25 Jan 2025 at 19:36, Ed Jaffe <
000005acc3c79bf7-dmarc-requ...@listserv.ua.edu> wrote:
> Hello,
>
> AT-TLS FTP is working just fine in z/OS, however we're having an issue
> connecting to our RedHat 9 wsftp server.
>
> At an early point in TLS handshaking, the z/OS client is proposing the
> "secp521r1" curve which is being rejected by wsftp. It is looking for
> "secp256r1," which we found hard-wired in the wsftp source code.
>
> Has anyone figured out how to make these two FTP products negotiate a
> TLS connection?
>
> Thanks,
>
> --
> Phoenix Software International
> Edward E. Jaffe
> 831 Parkview Drive North
> El Segundo, CA 90245
> https://www.phoenixsoftware.com/
>
>
>
> --------------------------------------------------------------------------------
> This e-mail message, including any attachments, appended messages and the
> information contained therein, is for the sole use of the intended
> recipient(s). If you are not an intended recipient or have otherwise
> received this email message in error, any use, dissemination, distribution,
> review, storage or copying of this e-mail message and the information
> contained therein is strictly prohibited. If you are not an intended
> recipient, please contact the sender by reply e-mail and destroy all copies
> of this email message and do not otherwise utilize or retain this email
> message or any or all of the information contained therein. Although this
> email message and any attachments or appended messages are believed to be
> free of any virus or other defect that might affect any computer system
> into
> which it is received and opened, it is the responsibility of the recipient
> to ensure that it is virus free and no responsibility is accepted by the
> sender for any loss or damage arising in any way from its opening or use.
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
