Hi All,

I'm running Z/PDT with a z/OS 2.1 build and have configured SMP/E to download ShopZ fixes via Internet order delivery.

All worked perfectly until the beginning of this week.

Now I'm getting a  

FC1003 authServer: secure_socket_init failed with rc = 402 (No SSL cipher specifications)

EZA2898I Unable to successfully negotiate required authentication

which I suspect is to do with the recent ShopZ broadcast email stating that Secure FTP need to be enabled for internet order downloads.

Got the SSL server running (and configured a Crypto processor in z/PDT) and the output from

F GSKSRVR,D CRYPTO is

GSK01009I Cryptographic status     
Algorithm       Hardware    Software
DES                 56          56 
3DES                --          -- 
AES                 --          -- 
RC2                 --          40 
RC4                 --          40 
RSA Encrypt       4096        4096 
RSA Sign          4096        4096 
RSA Verify          --        4096 
DSS                 --        2048 
SHA-1              160         160 
SHA-2              512         512 
ECC                521         521    

So I guess I'm missing the 3DES and AES algorithms in my RD&T installation.

The question I have is - where do I find them - i.e. the FMID's which should be part of standard z/OS 2.1, and I believe part of z/OS security Level 3.

JCPT411    z/OS Security Level 3 - System SSL Security Level 3
JCRY741    z/OS Security Level 3 - OCSF Security Level 3 
JSWK411    z/OS Security Level 3 - Network Authentication Srv Securit
JRSL411    z/OS Security Level 3 - IBM TDS for z/OS Security Level 3

I've had a good look around the RD&T libraries and in the SMP/E global CSI but I cannot find them - I.e. I cannot see any of the above FMIDs being received nor accepted.

I think anyone using the RD&T distribution (and perhaps also the ADCD distribution) would have similar problems if they try to use ShopZ from this week onwards.

Any suggestions or comments on how to get SSL and Secure FTP Security Level 3 activated in an RD&T/ADCD environment would be welcome - or alternatively what obvious part I've missed

Best Regards

Peter

Peter,

This is an RD&T support forum and as such, not all of what is discussed here pertains to the zPDT.   Specifically, unlike zPDT, RD&T customers are not entitled to receive regular maintenance from Shopz because that is not included in the RD&T offering.  Not sure how you pulled this off and/or what customer number and machine number you are using to acquire z/OS maintenance.  I do agree that with the changes to Shopz that drop support for FTP, if you were somehow entitled to receive maintenance for an RD&T box, you would have a problem due to the missing security level 3 libraries.

The ADCD shipping with our next release, RD&T v9.5, does include the z/OS Security Level 3 Feature and z/OS Communications Server Security Level 3 Feature.  These features are not distributed in the ADCD built for ISVs and they are not included in RD&T versions before v9.5.  Once v.9.5 is available, you could "theoretically" receive service from Shopz, but you still would have no authorization to do so from an RD&T box.

See the following for the RD&T v.9.5 announce:

http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/1/760/ENUSJP16-0031/index.html&lang=en&request_locale=en

If you have a verified requirement for z/OS Security Level 3 I suggest you contact your IBM representative for a potential upgrade to RD&T v.9.5.

RDzJohn

ShopZ supports https for downloading maintenance/products over the network.