Charles Mills wrote:

>At least some System SSL functions are protected by RACF classes --

True, but it depends; for example, the use of FACILITY class profiles like 
IRR.DIGTCERT.<whatever>.


>"In order for System SSL to use cryptographic support provided through ICSF, 
>the ICSF started task must be running and the application user ID must be 
>authorized for the appropriate resources in the RACF CSFSERV class (when the 
>class is active), either explicitly or through a generic resource profile."

That is if you indeed use ICSF. You can still use SSL functions without ICSF; 
it is not that secure, but secure enough.


>Secure Sockets Layer is designed to be used over TCP (or similar) but System 
>SSL is not an "add-on to TCP." It could more correctly be described as "a 
>software front-end to z/OS Crypto Services."

Sort of. SSL is intended to be used by any software like HTTP Servers, LDAP and 
others.


>The use of SSL does not imply the use of any particular ports or similar, so 
>it is largely transparent to TCP administrators.

and Radoslaw Skorupka wrote: IMHO it's up to TCPIP administrators to know what 
ports, protocols, services are in use.

I agree with Radoslaw. You need to tell the TCP/IP, HTTP Server and other 
admins what KeyRings, what Cipher Suite and what other settings are needed. The 
TCP/IP team needs to set up the ports, protocols and other services.

Also, you need to talk with your OMVS support.


Dennis W Givens wrote:

>We were hoping that the SYSTEM SSL executables (GSKKYMAN, GSKSRVR) can be used 
>in some fashion to determine this information.

You can do that, but you will need enough space to write down your traces. Of 
course you can delete your certs or remove TRUST and see who is screaming...

Dennis, I think you can also go to RACF-L and post your SSL questions there. 
Real SSL gurus are hanging out there.

Groete / Greetings
Elardus Engelbrecht
