First - thank you for the manual number so that I can look these up. Now - Dunce hat firmly in place.
I've no idea what AT-TLS environment means. On Wed, May 7, 2014 at 11:00 AM, Donald J. <[email protected]> wrote: > SC24-5901 > > 410 SSL message format is incorrect. > Explanation: An incorrectly formatted SSL message is > received from the communication partner. > User response: Collect a System SSL trace > containing a dump of the SSL message and then > contact your service representative > > You usually have to run a GSK trace to track down these problems. > Are you using AT-TLS environment for the FTPS client ? > > -- > Donald J. > [email protected] > > On Wed, May 7, 2014, at 07:38 AM, Mark Pace wrote: > > Trying to turn on some DEBUG information > > DEBUG FLO > > > > FC1003 authServer: secure_socket_init failed with rc = 410 (SSL message > > format is incorrect) > > > > So not to try to figure out where to find this error message. > > > > > > On Wed, May 7, 2014 at 10:19 AM, Mark Pace <[email protected]> > > wrote: > > > > > I remember setting up something very similar to connect to IBM. So I > > > added the GoDady cert to the same keyring. > > > > > > sr cla(digtring) > > > IBMUSER.smpemaint > > > *IBMUSER.FtpSecur * > > > IBMUSER.IBMRing > > > IBMUSER.SecureFTPKeyRing > > > IBMUSER.SMPEMAINT > > > TN3270.TNRING > > > *** > > > > > > > > > > > > racdcert id(ibmuser) listring(*FtpSecur*) > > > Digital ring information for user IBMUSER: > > > > > > Ring: > > > >FtpSecur< > > > Certificate Label Name Cert Owner USAGE DEFAULT > > > -------------------------------- ------------ -------- ------- > > > GeoTrust Global CA CERTAUTH CERTAUTH NO > > > * Go Daddy Class 2 CERTAUTH CERTAUTH YES* > > > > > > > > > So I added to my ftp.data > > > KEYRING IBMUSER/FtpSecur > > > > > > But that still isn't the final answer > > > > > > EZA2897I Authentication negotiation failed > > > EZA2898I Unable to successfully negotiate required authentication > > > EZA1735I Std Return Code = 10000, Error Code = 00017 > > > > > > > > > > > > On Wed, May 7, 2014 at 9:44 AM, Chase, John <[email protected]> wrote: > > > > > >> If you're authorized to issue RACF commands, try SR CLA(DIGTRING) to > list > > >> defined key rings (format is userid.ringname), then RACDCERT > ID(userid) > > >> LISTRING(ringname or *) to see the ring(s) contents. > > >> > > >> Also ensure that the root cert you're interested in has TRUST status > > >> (default is NOTRUST). > > >> > > >> -jc- > > >> > > >> > -----Original Message----- > > >> > From: IBM Mainframe Discussion List [mailto: > [email protected]] > > >> On Behalf Of Mark Pace > > >> > Sent: Wednesday, May 07, 2014 8:34 AM > > >> > To: [email protected] > > >> > Subject: Re: z/OS FTPS Client & Linux FTP server > > >> > > > >> > The cipher was one of my early problems. But I figured that one > out. > > >> > vsftpd - ssl_ciphers=RC4-SHA > > >> > z/OS - CIPHERSUITE SSL_RC4_SHA > > >> > > > >> > I'm certain that this Keyring is (part of) my problem. Stumbling > > >> through > > >> > RACF I have found that the GoDaddy Root CA is already defined in > z/OS, > > >> but still trying to determine > > >> > if it is part of a keyring. > > >> > > > >> > > > >> > > > >> > On Wed, May 7, 2014 at 8:57 AM, Donald J. <[email protected]> > wrote: > > >> > > > >> > > Make sure client and server have a common cipher. > > >> > > SSL_AES_128_SHA and SSL_AES_256_SHA are probably more commonly > used > > >> > > than SSL_RC4_SHA. > > >> > > > > >> > > Make sure the linus root certificate is in your z/OS client > keyring. > > >> > > > > >> > > -- > > >> > > Donald J. > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > -- > > >> > > http://www.fastmail.fm - A no graphics, no pop-ups email service > > >> > > > > >> > > > ---------------------------------------------------------------------- > > >> > > For IBM-MAIN subscribe / signoff / archive access instructions, > send > > >> > > email to [email protected] with the message: INFO IBM-MAIN > > >> > > > > >> > > > >> > > > >> > > > >> > -- > > >> > The postings on this site are my own and don’t necessarily represent > > >> Mainline’s positions or opinions > > >> > > > >> > Mark D Pace > > >> > Senior Systems Engineer > > >> > Mainline Information Systems > > >> > > > >> > > ---------------------------------------------------------------------- > > >> > For IBM-MAIN subscribe / signoff / archive access instructions, send > > >> email to [email protected] > > >> > with the message: INFO IBM-MAIN > > >> > > >> ********************************************************************** > > >> Information contained in this e-mail message and in any attachments > > >> thereto is confidential. If you are not the intended recipient, please > > >> destroy this message, delete any copies held on your systems, notify > the > > >> sender immediately, and refrain from using or disclosing all or any > part of > > >> its content to any other person. > > >> > > >> > > >> ---------------------------------------------------------------------- > > >> For IBM-MAIN subscribe / signoff / archive access instructions, > > >> send email to [email protected] with the message: INFO > IBM-MAIN > > >> > > > > > > > > > > > > -- > > > The postings on this site are my own and don’t necessarily represent > > > Mainline’s positions or opinions > > > > > > Mark D Pace > > > Senior Systems Engineer > > > Mainline Information Systems > > > > > > > > > > > > > > > > > > -- > > The postings on this site are my own and don’t necessarily represent > > Mainline’s positions or opinions > > > > Mark D Pace > > Senior Systems Engineer > > Mainline Information Systems > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > -- > http://www.fastmail.fm - Access your email from home and the web > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- The postings on this site are my own and don’t necessarily represent Mainline’s positions or opinions Mark D Pace Senior Systems Engineer Mainline Information Systems ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
