|

»

SSL port 990 mainframe ???

View: New views

5 Messages — Rating Filter: Alert me

	SSL port 990 mainframe ??? by Marian-4 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message SSL port 990 mainframe ??? Hello Folks ... I have had ssl handshaking (ftp over ssl) on port 21working between a mainframe running z/OS 1.8 and any platform, aix, windows, linux, no problem. I am now trying to do the same with port 990 and for the life of me cannot get it to work. The connection to port 990 is successful however the host (mainframe) drops my connection immediately. I have tried both implicit & explicit ftps ... My question is does anyone know anything ‘odd’ about port 990, ssl and the mainframe ??? Thanks so much to anyone with a clue : } Marian
	Re: SSL port 990 mainframe ??? by William Adams-3 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message i may not have a clue; but here are a couple of things to check. lots of tcpip profiles run with port reservations. the ftp server has to be configured to listen on 990 which is probably is if the connection is sucessful. but if it is and the mainframe is running RACF(or equivilent) that defines port access in terms of facility, there should be some error messages in the syslog if that is the problem. the tcpip profile should show you whether or not the privleged port are reserved. On Tue, Nov 3, 2009 at 2:22 PM, Marian Turczyn <turczyn@...> wrote: Hello Folks ... I have had ssl handshaking (ftp over ssl) on port 21working between a mainframe running z/OS 1.8 and any platform, aix, windows, linux, no problem. I am now trying to do the same with port 990 and for the life of me cannot get it to work. The connection to port 990 is successful however the host (mainframe) drops my connection immediately. I have tried both implicit & explicit ftps ... My question is does anyone know anything ‘odd’ about port 990, ssl and the mainframe ??? Thanks so much to anyone with a clue : } Marian
	Re: SSL port 990 mainframe ??? by Marian-4 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Re: SSL port 990 mainframe ??? Hey thanks so much for the reply. Yes, the tcp/ip port definitions are the same for port 21 as for port 990. Port 21 is working, ftp over ssl/tls ... Port 990 is defined the same within tcp/ip ... I do make a connection after the ftp is initiated, then I get dropped perhaps that is in the omvs segment ??? Not sure ?? ... Port 21 and 990 imply different things by definition however both should be able to do ftp over ssl/tls and I do have one (21/ssl/tls) working. So what am I missing ?? : { Thanks for giving my problem some thought ! -m On 11/3/09 5:04 PM, "William Adams" <wlarip@...> wrote: i may not have a clue; but here are a couple of things to check. lots of tcpip profiles run with port reservations. the ftp server has to be configured to listen on 990 which is probably is if the connection is sucessful. but if it is and the mainframe is running RACF(or equivilent) that defines port access in terms of facility, there should be some error messages in the syslog if that is the problem. the tcpip profile should show you whether or not the privleged port are reserved. On Tue, Nov 3, 2009 at 2:22 PM, Marian Turczyn <turczyn@...> wrote: Hello Folks ... I have had ssl handshaking (ftp over ssl) on port 21working between a mainframe running z/OS 1.8 and any platform, aix, windows, linux, no problem. I am now trying to do the same with port 990 and for the life of me cannot get it to work. The connection to port 990 is successful however the host (mainframe) drops my connection immediately. I have tried both implicit & explicit ftps ... My question is does anyone know anything ‘odd’ about port 990, ssl and the mainframe ??? Thanks so much to anyone with a clue : } Marian
	RE: SSL port 990 mainframe ??? by sajupaul :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. Re: SSL port 990 mainframe ??? SSL on Port 21 usually is Explicit and on 990 Implicit. The difference between the two being that in Explicit the client gets to decide by sending the AUTH command when the SSL handshake happens. On Implicit the SSL handshake happens right after connect. You could use the command line openssl s_client utility to check where things are breaking down. $ openssl s_client -connect ftp.zosserver.com:990 From: owner-openssl-users@... [mailto:owner-openssl-users@...] On Behalf Of Marian Turczyn Sent: Tuesday, November 03, 2009 8:44 PM To: openssl-users@... Subject: Re: SSL port 990 mainframe ??? Hey thanks so much for the reply. Yes, the tcp/ip port definitions are the same for port 21 as for port 990. Port 21 is working, ftp over ssl/tls ... Port 990 is defined the same within tcp/ip ... I do make a connection after the ftp is initiated, then I get dropped perhaps that is in the omvs segment ??? Not sure ?? ... Port 21 and 990 imply different things by definition however both should be able to do ftp over ssl/tls and I do have one (21/ssl/tls) working. So what am I missing ?? : { Thanks for giving my problem some thought ! -m On 11/3/09 5:04 PM, "William Adams" <wlarip@...> wrote: i may not have a clue; but here are a couple of things to check. lots of tcpip profiles run with port reservations. the ftp server has to be configured to listen on 990 which is probably is if the connection is sucessful. but if it is and the mainframe is running RACF(or equivilent) that defines port access in terms of facility, there should be some error messages in the syslog if that is the problem. the tcpip profile should show you whether or not the privleged port are reserved. On Tue, Nov 3, 2009 at 2:22 PM, Marian Turczyn <turczyn@...> wrote: Hello Folks ... I have had ssl handshaking (ftp over ssl) on port 21working between a mainframe running z/OS 1.8 and any platform, aix, windows, linux, no problem. I am now trying to do the same with port 990 and for the life of me cannot get it to work. The connection to port 990 is successful however the host (mainframe) drops my connection immediately. I have tried both implicit & explicit ftps ... My question is does anyone know anything ‘odd’ about port 990, ssl and the mainframe ??? Thanks so much to anyone with a clue : } Marian No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.424 / Virus Database: 270.14.46/2477 - Release Date: 11/02/09 19:39:00
	Re: SSL port 990 mainframe ??? by William Adams-3 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message if there are no security messages in the MVS syslog, here is one other place i might look: if the syslogd daemon is running, usually FTPD (depending on its own config file) will write messages concerning the connections it permits(or denys) into a file specified by /etc/syslog.conf. these are usually in the /tmp directory and can be browsed by using ish. they are usually mixed with messages from other daemons but you might find a cluster of them concerning your port 990 connection that could be useful. On Tue, Nov 3, 2009 at 8:44 PM, Marian Turczyn <turczyn@...> wrote: Hey thanks so much for the reply. Yes, the tcp/ip port definitions are the same for port 21 as for port 990. Port 21 is working, ftp over ssl/tls ... Port 990 is defined the same within tcp/ip ... I do make a connection after the ftp is initiated, then I get dropped perhaps that is in the omvs segment ??? Not sure ?? ... Port 21 and 990 imply different things by definition however both should be able to do ftp over ssl/tls and I do have one (21/ssl/tls) working. So what am I missing ?? : { Thanks for giving my problem some thought ! -m On 11/3/09 5:04 PM, "William Adams" <wlarip@...> wrote: i may not have a clue; but here are a couple of things to check. lots of tcpip profiles run with port reservations. the ftp server has to be configured to listen on 990 which is probably is if the connection is sucessful. but if it is and the mainframe is running RACF(or equivilent) that defines port access in terms of facility, there should be some error messages in the syslog if that is the problem. the tcpip profile should show you whether or not the privleged port are reserved. On Tue, Nov 3, 2009 at 2:22 PM, Marian Turczyn <turczyn@...> wrote: Hello Folks ... I have had ssl handshaking (ftp over ssl) on port 21working between a mainframe running z/OS 1.8 and any platform, aix, windows, linux, no problem. I am now trying to do the same with port 990 and for the life of me cannot get it to work. The connection to port 990 is successful however the host (mainframe) drops my connection immediately. I have tried both implicit & explicit ftps ... My question is does anyone know anything ‘odd’ about port 990, ssl and the mainframe ??? Thanks so much to anyone with a clue : } Marian