pondering the future...
Frank
From: IBM Mainframe Discussion List on behalf of
Denis <01664d8ede6c-dmarc-requ...@listserv.ua.edu>
Sent: Monday, June 19, 2017 12:41 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: changing batch job to use SSL
Hi Frank,
sin
ssion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
> On Behalf Of Denis
> Sent: Monday, June 19, 2017 11:42 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: changing batch job to use SSL
>
> Hi Frank,
>
> since policy agent belongs to Communication Server and used to have some
&
On 17 June 2017 at 01:45, Andrew Rowley
wrote:
> On 17/06/2017 03:05 AM, Tony Harminc wrote:
>
>> I'm not sure why you seem to think
>> this can't be done without client application program involvement.
>>
>
> There are 2 things that need to be validated with the certificate:
> - That is is valid
-MAIN
Sent: Mon, Jun 19, 2017 8:30 pm
Subject: Re: changing batch job to use SSL
Curious question. Is this something a developer could do in order to test this
out, or does it require System level access?
Frank
From: IBM Mainframe Discussion List on behalf of
une 17, 2017 12:29 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: changing batch job to use SSL
Hi Andrew,
have a look at the following sample, where just the jobname and the outbound
port specify the need to use tls.
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.c
Andrew,
You seem to be asking generic questions about how TLS works on any/every
platform. If you're concerned about defending against MITM attacks, then
start with that bit of reading. Take a look at how HTTPS prevents such
attacks, for example. Then you'll have your answer. As Tony Harminc
menti
to do, but I have not tested it.
Denis.
-Original Message-
From: Andrew Rowley
To: IBM-MAIN
Sent: Sat, Jun 17, 2017 07:45 AM
Subject: Re: changing batch job to use SSL
On 17/06/2017 03:05 AM, Tony Harminc wrote:
> It's validated the same way(s) any TLS client app (such as your
On 17/06/2017 03:05 AM, Tony Harminc wrote:
It's validated the same way(s) any TLS client app (such as your desktop
browser) validates a server certificate. I'm not sure why you seem to think
this can't be done without client application program involvement.
There are 2 things that need to be v
On 16 June 2017 at 01:57, Andrew Rowley
wrote:
> That still doesn't really help me. I'm trying to understand how AT-TLS
> guards against MITM for client connections.
>
> E.g. lets say I had a Cobol job that sent email. I now want to connect to
> Gmail which uses TLS. Can I plug in AT-TLS without
On 16/06/2017 2:31 PM, Timothy Sipples wrote:
If you'd like an introduction to how this all works, this one is fairly
good, although it's slightly dated (written/recorded about 6 years ago):
https://www.ibm.com/support/docview.wss?uid=swg27028558
That still doesn't really help me. I'm trying to
, 16 June 2017 2:01 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: changing batch job to use SSL
Andrew,
The mechanics are pretty basic, at least conceptually. AT-TLS (in
Communications Server for z/OS) supports both TLS/SSL server certificate
authentication and TLS/SSL client certificate
Andrew,
The mechanics are pretty basic, at least conceptually. AT-TLS (in
Communications Server for z/OS) supports both TLS/SSL server certificate
authentication and TLS/SSL client certificate authentication. The Policy
Agent configuration is what decides which authentication(s) apply.
If you'd l
On 16/06/2017 5:30 AM, Gibney, Dave wrote:
I think Tony is correct. If the external server's signing CA is defined using
the appropriate Policy Rules for the z/OS Policy Agent and covering the local
Cobol client, a secure connection, transparent to the Cobol client should work.
How do you know
M Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
> On Behalf Of Denis
> Sent: Thursday, June 15, 2017 11:44 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: changing batch job to use SSL
>
> Tony,
>
> yes I missed the part of a z/os client, sorry for that.
> But it
.
-Original Message-
From: Tony Harminc
To: IBM-MAIN
Sent: Thu, Jun 15, 2017 07:12 PM
Subject: Re: changing batch job to use SSL
On 15 June 2017 at 12:24, Denis <
01664d8ede6c-dmarc-mailto:requ...@listserv.ua.edu";>requ...@listserv.ua.edu> wrote:
> This is new for
.marist.edu/htbin/wlvindex?IBMTCP-L
Lizette
> -Original Message-
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of Denis
> Sent: Thursday, June 15, 2017 9:24 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: changing batch job to use SSL
>
On 15 June 2017 at 12:24, Denis <
01664d8ede6c-dmarc-requ...@listserv.ua.edu> wrote:
> This is new for me, can you point me to docs how to set up at-tls on
> windows for a tcpip c client program connecting to z/os?
Denis, I don't think Windows is in this picture anywhere; certainly it was
no
Hi Tony,
This is new for me, can you point me to docs how to set up at-tls on windows
for a tcpip c client program connecting to z/os?
Thanks,
Denis.
-Original Message-
From: Tony Harminc
To: IBM-MAIN
Sent: Thu, Jun 15, 2017 05:05 PM
Subject: Re: changing batch job to use SSL
On
On 15 June 2017 at 08:02, Denis <
01664d8ede6c-dmarc-requ...@listserv.ua.edu> wrote:
> AT-TLS is only for the server side, so you also need something for the
> client side, e.g. stunnel (I am mentioning it, because I have worked with
> it) or others.
This is not right. AT-TLS works fine at t
TCPIP client can be turned into a SSL
enabled client just with some parameters and there are languages, where it will
be a complete rewrite.
Hope that helps.
Denis.
-Original Message-
From: Andrew Rowley
To: IBM-MAIN
Sent: Thu, Jun 15, 2017 1:52 pm
Subject: Re: changing batch job to
On 10/06/2017 08:41 PM, Timothy Sipples wrote:
Have you looked at AT-TLS yet? It's a feature within Communications Server
for z/OS.
I don't quite understand how AT-TLS works as a client. If it inserts
itself at the TCP level, how does it perform functions like e.g.
validating the certificate f
IPsec is another option I should have also mentioned, also a Communications
Server for z/OS feature.
Timothy Sipples
IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA
E-Mail
-Original Message-
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of Munif Sadek
> Sent: Friday, June 09, 2017 8:22 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: changing batch job to use SSL
>
> Dear Listers
> I have a pure COBOL b
Have you looked at AT-TLS yet? It's a feature within Communications Server
for z/OS.
Timothy Sipples
IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA
E-Mail: sipp...@sg.ibm
Dear Listers
I have a pure COBOL batch job that uses socket programming (EZASOCKET) to fetch
some sensitive data from an external server. I would like to change this IP
connection between Mainframe (Client) and External server (Specialized
Application Server that does support SSL/TLS) to be sec
25 matches
Mail list logo
