Security

Secure TN3270

We currently have Secure Socket Layer (SSL) with the latest version of our TN3270 Emulator client, Hummingbird 8.0. This latest client is available at the sitesoft website . Earlier releases do not support the added security.

The first session is by default a secure session, but all other sessions must be manually configured for the security by selecting TCP port 2323. Also right click your new profile and select properties, click on Security, click on the tab General and select the button with SSL/TLS. To check to see if you have the appropriate version of Hummingbird: 1) open your session 2) click on Help 3) click on About.
With the new SSL security, in the Hummingbird 8.0 client, you can now transfer files in the client using the IND$FILE transfer. Icons for the transfer are at the top of the client's screen. It is the file folder with the arrow.

Transfer -> "send"
Use the "TSO_Text" scheme
Select the local file
Select the Host file

This transfer is encrypted by the SSL connection between your pc and the mainframe.

If you recieve error messages about inablility to find host or socket erorrs then you probably have the security configuration settings wrong in the profile.

MAC Users
A version of TN3270 for MAC with SSL support was developed at Brown University and can be downloaded here. For installation and configuration visit Configuring Brown TN3270.

OASIS host name is oasis.cc.uga.edu and port is 2323.
TSO host name is tso.cc.uga.edu and port is 2323.

Secure FTP

FTP encryption using TLS/SSL enable clients is now available with the mainframe. TLS, Transport Layer Security, was included with our z/OS 1.4 Communications Server upgrade.

Clients are used when your machine connects to the mainframe. Servers are used when the mainframe connects to your machine. Some Servers/Clients will ask during configuration if you want Explicit or Implicit. Please configure Explicit, which mean that you will still be connecting on FTP port 21.

FTP Client configuration

A recommended and tested freeware is Filezilla.
From the File menu option select Site Manager, or use Ctrl+S as a hotkey. The Site Manager window will open.

Click the New Site button on the bottom left hand side of the window to add a new FTP site to your My FTP Sites folder and give the new site the name UGA Mainframe. In the Site details section input the following information:

Host: tso.cc.uga.edu
Port: 21
Servertype: select FTP over SSL (explicit encryption) from the drop down box
Logontype: Normal
Then enter your appropriate username and password.

When you click Connect, the connection will be made via SSL. FileZilla will ask if you want to accept the certificate sent by the mainframe. Accept the certificate to continue with your secure FTP session. If you don’t want to see this certificate window every time you connect, check the Always trust… checkbox before you accept the certificate.

FTP Server configuration to accept batch FTP with TLS/SSL

Novell Netware 6.5 has TLS/SSL security enhancements. This is available for download at sitesoft. You will need to check for hardware requirements when downloading.

WS FTP Server has been tested and will work with the mainframe. This product would have to be purchased. Documentation on how to create a self-signed certificate for WS FTP Server

Create a self-signed certificate that is valid for one year
Send the certificate in BASE64 (certificate.b64) or ASCII to adminfo@uga.edu
Wait for confirmation
Configure the server to accept FTP with TLS/SSL - Explicit
Add secure parameters to JCL

000400 //FTPTLS EXEC PGM=FTP,
000500 // PARM='-e -r TLS youripaddress'
000600 //SYSPRINT DD *
001100 //OUTPUT DD SYSOUT=*
001200 //INPUT DD *
001300 username password
001400 ftp commands
001500 BYE