Use
the TLSRFCLEVEL statement to specify the level of RFC 4217 (Securing
FTP with TLS) that FTP supports. You can also use the locsite
subcommand to set this keyword. For information about RFCs, see Related protocol specifications.
- Server
- This setting applies when EXTENSIONS AUTH_TLS is coded in the
server's FTP.DATA file.
- Client
- This setting applies when SECURE_MECHANISM TLS is coded in the
client's FTP.DATA file.
Restrictions: - FTP supports the TLSPORT statement regardless of the TLSRFCLEVEL
setting. FTP connections to the TLSPORT are implicitly secured with
TLS as described in the internet draft.
- The TLSRFCLEVEL parameters must be the same on the FTP client
and server when using RFC4217 or the CCCNONOTIFY parameter. If the
parameters are different, connections might be reset or sessions appear
to lock up and eventually timeout.
- The CCCNONOTIFY option is not valid with TLSMECHANISM ATTLS. If
both are specified, the use of the CCC command causes the FTP session
to fail. If CCCNONOTIFY is required for the partner system, configure
TLSMECHANISM FTP with associated statements and exemption in the TTLSRules.
Syntax
.-TLSRFCLEVEL DRAFT------------.
>>-+------------------------------+----------------------------><
'-TLSRFCLEVEL--+-DRAFT-------+-'
+-RFC4217-----+
'-CCCNONOTIFY-'
Parameters
- DRAFT
- Specifies that FTP supports the Internet-draft revision of RFC
4217. This is the level of RFC 4217 support that z/OS® FTP has offered since Communications Server
V1R2. This is the default.
Guideline: Specify this option,
or allow it to default, to maintain the pre-V1R9 support for FTP TLS-protected
sessions.
- RFC4217
- Specifies that FTP supports RFC 4217.
- CCCNONOTIFY
- Specifies that FTP does not issue the TLSshutdown after sending
or receiving the CCC command. RFC 4217 did not mandate this flow
until Internet draft revision 14.
Examples
Code this statement in the client's
FTP.DATA file to enable RFC 4217 compliance:
TLSRFCLEVEL RFC4217