Re: AT-TLS FTP to RedHat 9 wsftp server

Sun, 26 Jan 2025 08:18:07 -0800 

On 1/26/2025 7:54 AM, Ed Jaffe wrote:



The "key share group list" described above is being passed by z/OS as 
the singular value "secp521r1". It would be great if we could figure 
out how to make it send an actual list of group names that also 
includes "secp256r1" (the only one supported by the RedHat 9 wsftp 
server), but so far we haven't been able to figure out how to do that.



I found the part of the policy specification that needs to be expanded, 
but I can't find how to change it using the Network Configuration 
Assistant. "Advanced Settings" under the "Rules" dialog has a tab called 
"Handshake," but it does not offer anything related to the list of 
groups that's offered.


TTLSSignatureParms                sig1~AT-TLS__Platinum_with_TLS1.
{
  ClientECurves                   secp521r1
  SignaturePairs TLS_SIGALG_SHA256_WITH_RSASSA_PSS
  SignaturePairs TLS_SIGALG_SHA384_WITH_RSASSA_PSS
  SignaturePairs TLS_SIGALG_SHA512_WITH_RSASSA_PSS
}
TTLSSignatureParms                sig2~AT-TLS__Platinum_with_TLS1.
{
  ClientECurves                   secp521r1
}


Should I hand-edit this file to specify the additional curve? Never did 
that before, but I can try.



Will those settings be preserved if I edit with the NCA later after 
making manual updates? Or will I lose everything?


--
Phoenix Software International
Edward E. Jaffe
831 Parkview Drive North
El Segundo, CA 90245
https://www.phoenixsoftware.com/


--------------------------------------------------------------------------------
This e-mail message, including any attachments, appended messages and the
information contained therein, is for the sole use of the intended
recipient(s). If you are not an intended recipient or have otherwise
received this email message in error, any use, dissemination, distribution,
review, storage or copying of this e-mail message and the information
contained therein is strictly prohibited. If you are not an intended
recipient, please contact the sender by reply e-mail and destroy all copies
of this email message and do not otherwise utilize or retain this email
message or any or all of the information contained therein. Although this
email message and any attachments or appended messages are believed to be
free of any virus or other defect that might affect any computer system into
which it is received and opened, it is the responsibility of the recipient
to ensure that it is virus free and no responsibility is accepted by the
sender for any loss or damage arising in any way from its opening or use.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN






















					Reply via email to