Use the TLSRFCLEVEL statement to specify the level of RFC 4217 (Securing FTP with TLS) that FTP supports. You can also use the locsite subcommand to set this keyword. For information about RFCs, see Related protocol specifications.
- Server
- This setting applies when EXTENSIONS AUTH_TLS is coded in the server's FTP.DATA file.
- Client
- This setting applies when SECURE_MECHANISM TLS is coded in the client's FTP.DATA file.
Restrictions:
- FTP supports the TLSPORT statement regardless of the TLSRFCLEVEL setting. FTP connections to the TLSPORT are implicitly secured with TLS as described in the internet draft.
- The TLSRFCLEVEL parameters must be the same on the FTP client and server when using RFC4217 or the CCCNONOTIFY parameter. If the parameters are different, connections might be reset or sessions appear to lock up and eventually timeout.
- The CCCNONOTIFY option is not valid with TLSMECHANISM ATTLS. If both are specified, the use of the CCC command causes the FTP session to fail. If CCCNONOTIFY is required for the partner system, configure TLSMECHANISM FTP with associated statements and exemption in the TTLSRules.
Syntax
.-TLSRFCLEVEL DRAFT------------. >>-+------------------------------+---------------------------->< '-TLSRFCLEVEL--+-DRAFT-------+-' +-RFC4217-----+ '-CCCNONOTIFY-'
Parameters
- DRAFT
- Specifies that FTP supports the Internet-draft revision of RFC
4217. This is the level of RFC 4217 support that z/OS® FTP has offered since Communications Server
V1R2. This is the default.
Guideline: Specify this option, or allow it to default, to maintain the pre-V1R9 support for FTP TLS-protected sessions.
- RFC4217
- Specifies that FTP supports RFC 4217.
- CCCNONOTIFY
- Specifies that FTP does not issue the TLSshutdown after sending or receiving the CCC command. RFC 4217 did not mandate this flow until Internet draft revision 14.
Examples
Code this statement in the client's FTP.DATA file to enable RFC 4217 compliance:
TLSRFCLEVEL RFC4217