Use
the SECUREIMPLICITZOS statement to specify when FTP should negotiate
or expect the security handshake for TLSPORT implicitly secured connections.
Rules: - To enable a z/OS® FTP
client to log into the z/OS FTP
server using the protected port, specify the same SECUREIMPLICITZOS
statement value and TLSPORT value for the client and server.
- When using the implicit connection (FTP client is connecting to
the port specified by the TLSPORT statement), some FTP servers expect
to negotiate the security of the session immediately after the connection
is issued. If you are initiating a secure session with such a server,
code SECUREIMPLICITZOS FALSE in the client's FTP.DATA file.
- Many non-z/OS FTP
clients negotiate the security immediately after the connect and before
the initial 220 reply is received from the server. To enable these
clients to log into the z/OS FTP
server's protected port, code SECUREIMPLICITZOS FALSE in the server's
FTP.DATA file.
- Server
- The first reply that the FTP server sends to a client uses reply
code 220. The reply is sometimes referred to as the good morning reply.
The SECUREIMPLICITZOS statement specifies whether the server expects
the TLS handshake to occur before or after it sends the initial reply
220.
- Client
- The SECUREIMPLICITZOS statement specifies when the client initiates
the TLS handshake for connections to the TLSPORT (protected port).
You can change this setting using the locsite subcommand.
Syntax
.-SECUREIMPLICITZOS TRUE-------.
>>-+------------------------------+----------------------------><
'-SECUREIMPLICITZOS--+-TRUE--+-'
'-FALSE-'
Parameters
- TRUE
- This is the default.
- Server
- Specifies that the FTP server expects the security handshake to
occur after it sends the reply 220.
- Client
- Specifies that the FTP client initiates the security handshake
after the 220 (good morning) reply is received from the server.
- FALSE
-
- Server
- Specifies that the FTP server expects the security handshake before
it sends the reply 220.
- Client
- Specifies that the FTP client negotiates the security handshake
immediately after the connection and before the initial 220 reply
is received from the server.
Examples
To initiate an implicitly secured
session between a
z/OS FTP
client and a
z/OS FTP
server, code the following statements in the FTP client and server
FTP.DATA file:
SECUREIMPLICITZOS TRUE
You
could also code the following statement in both the FTP client and
server FTP.DATA file:
SECUREIMPLICITZOS FALSE
To
initiate an implicitly secured session between a non-
z/OS FTP
client and a
z/OS FTP
server, code the following statement in the FTP server FTP.DATA file:
SECUREIMPLICITZOS FALSE