Hi Andrew, have a look at the following sample, where just the jobname and the outbound port specify the need to use tls. https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.cfzu100/step6b.htm Scroll down to the sample policy that says outbound. Maybe thats all you need to do, but I have not tested it.
Denis. -----Original Message----- From: Andrew Rowley <and...@blackhillsoftware.com> To: IBM-MAIN <IBM-MAIN@LISTSERV.UA.EDU> Sent: Sat, Jun 17, 2017 07:45 AM Subject: Re: changing batch job to use SSL On 17/06/2017 03:05 AM, Tony Harminc wrote: > It's validated the same way(s) any TLS client app (such as your desktop > browser) validates a server certificate. I'm not sure why you seem to think > this can't be done without client application program involvement. There are 2 things that need to be validated with the certificate: - That is is valid, i.e. has been signed by a trusted CA etc. AND - That it belongs to the entity that the client is trying to connect to. The description of AT-TLS says it takes control when the connection is opened, but at this point name resolution has already occurred, hasn't it? So how does AT-TLS know who the client is trying to connect to so it can check the name in the certificate? I guess it would have to intercept name resolution and assume that later connections to a resolved IP address must match the name. Or, maybe it is not intended for this type of general SSL connection. I have been reading the documentation, but haven't been able to find anything about how (or whether) the name in the certificate is validated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to <a href="mailto:lists...@listserv.ua.edu";>lists...@listserv.ua.edu</a> with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
