A fix is available
APAR status
Closed as new function.
Error description
Secure FTP uses port 990 in a secure-only environment with the FTP Client. Non-secure transmissions are not possible, as the client will check for the listening port of 990, and then attempt to initiate the secure handshake.
Local fix
New function gives the ability to configure the Secure FTP port, as well as the ability to disable the Secure FTP port. This will allow non-secure traffic to use port 990. . KEYWORDS: secure ftp port 990
Problem summary
**************************************************************** * USERS AFFECTED: All users of the IBM Communications Server * * for z/OS Version 1 Release 4 and Version 1 * * Release 5 IP: FTP * **************************************************************** * PROBLEM DESCRIPTION: Secure FTP uses port 990 in a * * secure-only environment with the * * FTP Client. Non-secure transmissions * * are not possible, as the client will * * check for the listening port of 990, * * and then attempt to initiate the * * secure handshake. * **************************************************************** * RECOMMENDATION: * **************************************************************** FTP Client and server assume that any connection on PORT 990 will be a secure FTP session. As such, the authentication negotiation is attempted and will fail if the FTP client is connecting to some other server on PORT 990. +-------------------------------------------------------------+ + Please check our Communications Server for OS/390 homepages + + for common networking tips and fixes. The URL for these + + homepages can be found in Informational APAR II11334. + +-------------------------------------------------------------+
Problem conclusion
Temporary fix
Comments
The FTP server and client have been modified to allow the TLS secure port to be configured via a new FTP.DATA parameter TLSPORT. The following documentation changes will be made. ================================================================ z/OS Communications Server IP Configuration Reference Version 1 Release 4 Document Number SC31-8776-03 ---------------------------------------------------------------- z/OS Communications Server IP Configuration Reference Version 1 Release 5 Document Number SC31-8776-04 ---------------------------------------------------------------- A new FTP.DATA statement needs to be added, under File Transfer Protocol chapter under FTP.DATA Statements TLSPORT Statement Use the TLSPORT statement to set the secure port on which the FTP client and/or the FTP server implicitly protects the FTP session with TLS. The default port that is used is port 990. If you want to use port 990 for unsecured FTP sessions, use this statement to select a different secure port for implicit secure FTP sessions. If you want to disable support for implicit secure FTP, use a value of 0. Syntax +---- TLSPORT 990-----+ | | >----+---------------------+--<> | | +--- TLSPORT port ---+ Parameters port The port number used for implicit secure FTP sessions. The default is 990. The range of valid values is 0 to 65534. Example TLSPORT 0 ================================================================ z/OS Communications Server IP Messages: Volume 1 (EZA) Version 1 Release 4 Document Number SC31-8783-03 ---------------------------------------------------------------- z/OS Communications Server IP Messages: Volume 1 (EZA) Version 1 Release 5 Document Number SC31-8783-04 ---------------------------------------------------------------- EZA2892I message needs to be changed to remove the hard coded references to port 990. EZA2892I Secure port value does not support the -a or -r start parameter Explanation: You specified the secure port value. The -a or -r start parameters are not allowed when you specify port value. System Action: FTP ends. User or Operator Response: Start FTP without the -a or -r start parameter if the secure port is used, or use the -a or -r start parameter with another port number. System Programmer Response: None. Source Data Set: EZAFTPCY Procedure Name: processStartParms ================================================================
APAR Information
APAR number
PQ78314
Reported component name
TCP/IP V3 MVS
Reported component ID
5655HAL00
Reported release
140
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2003-09-10
Closed date
2003-09-22
Last modified date
2004-01-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UQ80465 UQ80466 UQ80467 UQ80468 PQ82774
Modules/Macros
EZAFTPCX EZAFTPCY EZAFTPCZ EZAFTPDM EZAFTPEH EZAFTPEP EZAFTPET EZAFTPGM EZAFTPLD EZAFTPLS EZAFTPRX EZAFTPSD EZAFTPSM
SC31878304 | SC31877604 | SC31877603 | SC31878303 |
Fix information
Fixed component name
TCP/IP V3 MVS
Fixed component ID
5655HAL00
Applicable component levels
R140 PSY UQ80465
UP03/10/09 P F310
R149 PSY UQ80466
UP03/10/09 P F310
R150 PSY UQ80467
UP03/10/09 P F310
R159 PSY UQ80468
UP03/10/09 P F310
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"140","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"140","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
05 January 2004