Hand-editing is the only way I have ever configured AT-TLS, so
a. It's not hard. Anyone with any kind of coding background should find it a
piece of cake. Consult the documentation. The parameters are not entirely
intuitive nor consistent.
b. No idea whether the changes would be preserved if you went back to the GUI.
Charles
On Sun, 26 Jan 2025 08:17:11 -0800, Ed Jaffe <edja...@phoenixsoftware.com>
wrote:
>On 1/26/2025 7:54 AM, Ed Jaffe wrote:
>>
>> The "key share group list" described above is being passed by z/OS as
>> the singular value "secp521r1". It would be great if we could figure
>> out how to make it send an actual list of group names that also
>> includes "secp256r1" (the only one supported by the RedHat 9 wsftp
>> server), but so far we haven't been able to figure out how to do that.
>
>I found the part of the policy specification that needs to be expanded,
>but I can't find how to change it using the Network Configuration
>Assistant. "Advanced Settings" under the "Rules" dialog has a tab called
>"Handshake," but it does not offer anything related to the list of
>groups that's offered.
>
>TTLSSignatureParms sig1~AT-TLS__Platinum_with_TLS1.
>{
> ClientECurves secp521r1
> SignaturePairs TLS_SIGALG_SHA256_WITH_RSASSA_PSS
> SignaturePairs TLS_SIGALG_SHA384_WITH_RSASSA_PSS
> SignaturePairs TLS_SIGALG_SHA512_WITH_RSASSA_PSS
>}
>TTLSSignatureParms sig2~AT-TLS__Platinum_with_TLS1.
>{
> ClientECurves secp521r1
>}
>
>Should I hand-edit this file to specify the additional curve? Never did
>that before, but I can try.
>
>Will those settings be preserved if I edit with the NCA later after
>making manual updates? Or will I lose everything?
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
