IBM Z Hardware and Operating Systems Ideas Portal
Hide about this portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Future consideration
Workspace z/OS
Categories Communications Server
Created by Guest
Created on Aug 26, 2024

RELATED IDEAS

z/OS FTP PROXY OPEN support over TLS

We've recently started to enforce TLS encryption for z/OS FTP connections. 

Some of our jobs use the FTP "proxy" command to request that a dataset be transferred from one z/OS FTP server to another z/OS FTP server. However, when this is done after enabling TLS on the primary connection the FTP client reports the following messages:

EZA2917I PROXY OPEN is not supported with security mechanisms
EZA1735I Std Return Code = 10000, Error Code = 00007 

Some sample JCL to reproduce the issue is as follows:

//* Transfer file myuser.job.cntl($ll) on host fromhost
//* to file myuser.vb255.data($junk) on host tohost
//STEP1 EXEC PGM=FTP,PARM='(EXIT' 
//NETRC DD DISP=SHR,DSN=&SYSUID..NETRC 
//SYSFTPD DD DISP=SHR,DSN=SYS1.TCPPARMS(myclient)
//SYSPRINT DD SYSOUT=* 
//OUTPUT DD SYSOUT=* 
//INPUT DD * 
fromhost
ebcdic 
site ispfstats 
proxy open tohost
proxy ebcdic 
proxy site ispfstats 
proxy get 'myuser.job.cntl($ll)' 'myuser.vb255.data($junk)'
quit 
/* 

...and the myclient member contains (among other things):

SECURE_MECHANISM TLS 
TLSMECHANISM ATTLS 
SECURE_FTP ALLOWED 
SECURE_CTRLCONN PRIVATE 
SECURE_DATACONN PRIVATE 
SECURE_HOSTNAME OPTIONAL
TLSTIMEOUT 600 
TLSPORT 0 
TLSRFCLEVEL RFC4217 
SSLV3 FALSE 



Is there a way to make the proxy FTP command work when the primary connection is protected by TLS? I don't understand why the proxy connection cannot also be protected by TLS and have it work the same way as an unprotected connection. I imagine that the proxy FTP host would need to also establish a TLS connection to the primary FTP host in order to keep all of the traffic protected.


The main benefit from implementing this support is that the ftp proxy commands work regardless of whether the connections are encrypted by TLS.

Idea priority Low

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.