I've recently put some updated tools on GitHub.
Capturing Encrypted trace data
I had blogged Collecting a Wireshark trace with TLS active for a browser, where you could specify an environment variable export SSLKEYLOGFILE=$HOME/sslkeylog.log. OpenSSL would write the key to this file, and Wireshark could decrypt the traffic using this data.
Unfortunately, this only worked with RSA keys. I could not get it to work with modern Elliptic Curve keys.
I've updated my zWireshark program to capture AT-TLS application data in clear text from the z/OS side. It uses an IBM provided API, and captures the traffic between AT-TLS and the application.
Easy AT-TLS: AT-TLS configuration reporter and configuration tool
I've put some code on GitHub which does the following:
Formats the output from the PASEARCH command
For example, one rule produces the compact output:
policyRule : COLATTLJ
LocalAddr : All
RemoteAddr : '10.1.1.2/32'
LocalPortRange : 4000-4000
JobName : COLCOMPI
UserId : COLIN
Direction : Both
TTLSEnabled : On
Trace : 255
HandshakeRole : ServerWithClientAuth
Keyring : start1/TN3270
TLSv1.1 : Off
TLSv1.2 : On
TLSv1.3 : Off
HandshakeTimeout : 3
ClientECurves : Any
ServerCertificateLabel : NISTECCTEST
V3CipherSuites : [
003D TLS_RSA_WITH_AES_256_CBC_SHA256,
C02C TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
]
Creates AT-TLS definitions from YAML
It takes a file in the above format (YAML) and generates AT-TLS definitions.
See my blog post. It hides the complexity of the internal AT-TLS structures.
I would welcome any comments, problems or suggestions on how to improve them.
Colin
------------------------------
Colin Paice
Retired
Stromness
------------------------------
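As an added example (not part of the post, and not code from Colin's zWireshark or Easy AT-TLS tools): a small parser for the compact rule format shown above, plus the checks a reviewer would want to run over it, such as an old TLS version switched on or a cipher suite without forward secrecy. The layout it parses and the weak-setting rules it applies are this example's own assumptions.

```python
"""Parse the compact AT-TLS rule format and flag weak settings (added example)."""

# Constructed sample in the compact layout shown in the post (trimmed to the
# keys the checks below look at).
SAMPLE = """\
policyRule : COLATTLJ
LocalAddr : All
RemoteAddr : '10.1.1.2/32'
LocalPortRange : 4000-4000
HandshakeRole : ServerWithClientAuth
TLSv1.1 : Off
TLSv1.2 : On
TLSv1.3 : Off
V3CipherSuites : [
003D TLS_RSA_WITH_AES_256_CBC_SHA256,
C02C TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
]
"""

def parse_rule(text):
    """Return a dict of the rule; V3CipherSuites becomes a list of (hex_id, name)."""
    rule = {}
    lines = iter(text.splitlines())
    for line in lines:
        if not line.strip():
            continue
        key, _, value = line.partition(" : ")
        value = value.strip()
        if value == "[":  # bracketed list: consume items until a lone ']'
            items = []
            for item in lines:
                if item.strip() == "]":
                    break
                hex_id, name = item.strip().rstrip(",").split(None, 1)
                items.append((hex_id, name))
            rule[key.strip()] = items
        else:
            rule[key.strip()] = value.strip("'")  # drop quotes around addresses
    return rule

def weak_settings(rule):
    """Findings a reviewer would raise; the thresholds are this example's own."""
    findings = []
    for version in ("TLSv1", "TLSv1.1"):  # hypothetical keys for older versions
        if rule.get(version) == "On":
            findings.append(f"{version} enabled")
    if rule.get("TLSv1.2") != "On" and rule.get("TLSv1.3") != "On":
        findings.append("no TLS 1.2/1.3 enabled")
    for hex_id, name in rule.get("V3CipherSuites", []):
        if name.startswith("TLS_RSA_"):  # static RSA key exchange: no forward secrecy
            findings.append(f"{hex_id} {name}: no forward secrecy")
        if "_CBC_" in name:
            findings.append(f"{hex_id} {name}: CBC mode")
    return findings

if __name__ == "__main__":
    for finding in weak_settings(parse_rule(SAMPLE)):
        print(finding)
```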