On 1/26/2025 7:54 AM, Ed Jaffe wrote:
The "key share group list" described above is being passed by z/OS as
the singular value "secp521r1". It would be great if we could figure
out how to make it send an actual list of group names that also
includes "secp256r1" (the only one supported by the RedHat 9 wsftp
server), but so far we haven't been able to figure out how to do that.
I found the part of the policy specification that needs to be expanded,
but I can't find how to change it using the Network Configuration
Assistant. "Advanced Settings" under the "Rules" dialog has a tab called
"Handshake," but it does not offer anything related to the list of
groups that's offered.
TTLSSignatureParms sig1~AT-TLS__Platinum_with_TLS1.
{
    ClientECurves secp521r1
    SignaturePairs TLS_SIGALG_SHA256_WITH_RSASSA_PSS
    SignaturePairs TLS_SIGALG_SHA384_WITH_RSASSA_PSS
    SignaturePairs TLS_SIGALG_SHA512_WITH_RSASSA_PSS
}
TTLSSignatureParms sig2~AT-TLS__Platinum_with_TLS1.
{
    ClientECurves secp521r1
}
Should I hand-edit this file to specify the additional curve? Never did
that before, but I can try.
Will those settings be preserved if I edit with the NCA later after
making manual updates? Or will I lose everything?
--
Phoenix Software International
Edward E. Jaffe
831 Parkview Drive North
El Segundo, CA 90245
https://www.phoenixsoftware.com/
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN