> The client sends some cipher data and then immediately gets a 5003 failure 
> because the response comes back as clear text rather than encrypted.

Sounds like perhaps a mismatch between implicit and explicit FTP? Is the 
server expecting 'AUTH TLS' before going to encrypted, and not getting it?

On z/OS that parm is FTP.DATA SECURE_FTP ALLOWED versus REQUIRED.

ALLOWED in turn requires application control.

HTH,
Charles

On Sun, 26 Jan 2025 21:08:03 -0800, Ed Jaffe <edja...@phoenixsoftware.com> 
wrote:

>On 1/26/2025 8:17 AM, Ed Jaffe wrote:
>> On 1/26/2025 7:54 AM, Ed Jaffe wrote:
>>>
>>> The "key share group list" described above is being passed by z/OS as
>>> the singular value "secp521r1". It would be great if we could figure
>>> out how to make it send an actual list of group names that also
>>> includes "secp256r1" (the only one supported by the RedHat 9 wsftp
>>> server), but so far we haven't been able to figure out how to do that.
>
>I fell back to TLS 1.2 support only. No more TLS 1.3. This time the
>client sends secp256r1 (0023) for the initial handshake encryption,
>which I found puzzling. My understanding was that only TLS 1.3 encrypted
>the initial handshake, but whatevs. At least the group names should match.
>
>Now I'm seeing something a bit different. The client sends some cipher
>data and then immediately gets a 5003 failure because the response comes
>back as clear text rather than encrypted. The book states this could be
>caused by not having application-level control over the AT-TLS
>encryption (via SIOCTL). I know we have that specified for both z/OS
>client and z/OS server. Of course, it can't be specified for RedHat
>wsftp as it doesn't use AT-TLS. I suppose it's possible the 5003 error
>might be the result of an immediate disconnect from the server due to an
>as-yet-not-understood problem with the cipher.
