I am now reminded of a difficulty I had with this once. My plea to the list(s) resulted in this:
Skip to site navigation (Press enter) Re: FTP TLS Handshake Fails with SSL RC 410 Cal McCracken Thu, 10 Mar 2011 07:44:54 -0800 Thanks to a private responder, I was able to get this resolved. I don't know if the SSL RC 410 covers other error situations, but in my case, the resolution was to set configuration parm, ssl_request_cert to NO (defaults to YES). This is a config parm for the vsftpd FTP server on our Linux system. My humble thanks to the responder. > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] > On Behalf Of Mark Pace > Sent: Wednesday, May 07, 2014 12:02 PM > To: [email protected] > Subject: Re: z/OS FTPS Client & Linux FTP server > > And for giggles I setup another Linux FTP server - this one pure-ftpd - again > no > issues connecting with a windows FTPS client - still no connection with z/OS. > > > On Wed, May 7, 2014 at 2:39 PM, Mark Pace <[email protected]> > wrote: > > > Yes - it was at that time. Since I started working on the RACF > > certs/keyring stuff the ftp.data has been updated as I go along. Currently. > > > > SECURE_CTRLCONN CLEAR > > SECURE_DATACONN PRIVATE > > SECURE_FTP REQUIRED > > SECURE_HOSTNAME OPTIONAL > > SECURE_MECHANISM TLS > > KEYRING IBMUSER/FtpSecur > > TLSPORT 21 > > TLSRFCLEVEL CCCNONOTIFY > > TLSTIMEOUT 10 > > ; > > ;CTRLCONN 7BIT > > SECUREIMPLICITZOS FALSE > > TLSMECHANISM FTP > > CIPHERSUITE SSL_RC4_SHA > > ; > > DEBUG SEC > > > > > > On Wed, May 7, 2014 at 2:06 PM, Gibney, Dave <[email protected]> wrote: > > > >> You said latest, so maybe you have tried others. In the parms listed > >> here, your keyring is commented out. > >> > >> > -----Original Message----- > >> > From: IBM Mainframe Discussion List > >> > [mailto:[email protected]] On Behalf Of Mark Pace > >> > Sent: Wednesday, May 07, 2014 5:26 AM > >> > To: [email protected] > >> > Subject: z/OS FTPS Client & Linux FTP server > >> > > >> > Has anyone successfully sent data to a Linux FTP server using TLS > >> security > >> > from the z/OS FTP client? > >> > > >> > I have a Linux server running vsftpd - I've been using it for years > >> > to > >> send SMF > >> > data. I've added TLS support to this server. I've verified that > >> > the > >> Secure > >> > connect works via a Filezilla client, > >> > > >> > So now I would like to be able to send SMF data to the server. But > >> > I > >> always > >> > get an authentication failure. I've tried every combination of > >> > Security parameters I can come up with. > >> > > >> > These are the latest parms in my ftp.data file. > >> > > >> > ;SECURE_CTRLCONN SAFE > >> > SECURE_DATACONN CLEAR > >> > SECURE_FTP REQUIRED > >> > SECURE_HOSTNAME OPTIONAL > >> > SECURE_MECHANISM TLS > >> > SECUREIMPLICITZOS FALSE > >> > CIPHERSUITE SSL_RC4_SHA > >> > ;KEYRING IBMUSER/SecureFTPKeyRing > >> > TLSPORT 21 > >> > TLSRFCLEVEL CCCNONOTIFY > >> > TLSTIMEOUT 10 > >> > ;SECURE_PBSZ 16384 > >> > ; > >> > ;CTRLCONN 7BIT > >> > > >> > I'm beginning to think I am doing something fundamentally wrong > >> > instead > >> of > >> > it being a matter of wrong parameters. > >> > > >> > //FTP EXEC PGM=FTP,REGION=5M,PARM='(EXIT' > >> > //SYSPRINT DD SYSOUT=* > >> > //SYSFTPD DD DISP=SHR,DSN=MARPACE.JCL.CNTL(FTPSDATA) > >> > //OUTPUT DD SYSOUT=* > >> > //INPUT DD * USE LOWER CASE BELOW > >> > ftp.s390.mainline.com > >> > userid password > >> > dir > >> > quit > >> > > >> > > >> > EZA1736I FTP > >> > (EXIT > >> > > >> > EZY2640I Using dd:SYSFTPD=MARPACE.JCL.CNTL(FTPSDATA) for local site > >> > configuration parameters. > >> > EZA1450I IBM FTP CS > >> > V2R1 > >> > EZA1772I FTP: EXIT has been > >> > set. > >> > EZA1456I Connect to > >> > ? > >> > EZA1736I ftp.s390.mainline.com > >> > > >> > EZA1554I Connecting to: ftp.s390.mainline.com 10.6.0.10 port: > >> > 21. > >> > EZA2897I Authentication negotiation failed EZA2898I Unable to > >> > successfully negotiate required authentication > >> EZA1735I > >> > Std Return Code = 10000, Error Code = > >> > 00017 > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > -- > >> > The postings on this site are my own and don’t necessarily > >> > represent Mainline’s positions or opinions > >> > > >> > Mark D Pace > >> > Senior Systems Engineer > >> > Mainline Information Systems > >> > > >> > ------------------------------------------------------------------- > >> > --- For IBM-MAIN subscribe / signoff / archive access instructions, > >> > send > >> email to > >> > [email protected] with the message: INFO IBM-MAIN > >> > >> --------------------------------------------------------------------- > >> - For IBM-MAIN subscribe / signoff / archive access instructions, > >> send email to [email protected] with the message: INFO > >> IBM-MAIN > >> > > > > > > > > -- > > The postings on this site are my own and don’t necessarily represent > > Mainline’s positions or opinions > > > > Mark D Pace > > Senior Systems Engineer > > Mainline Information Systems > > > > > > > > > > > -- > The postings on this site are my own and don’t necessarily represent > Mainline’s positions or opinions > > Mark D Pace > Senior Systems Engineer > Mainline Information Systems > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email to > [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
