White Papers
Abstract
Z/OS customers using the PDUU (AMAPDUPL) utility to send documentation need to ensure they are using a strong cipher
when connecting to the server. Firewalls should also be updated to ensure that stronger ciphers are not blocked.
Time frame: 6 Months from the time of this published note.
Risk: Low - Moderate, The SHA-1 cipher is a secure cipher, but no longer considered strong enough for IBM standards
of security.
Content
Using the PDUU utility with the HTTPS option users may see the error 'No SSL cipher specifications'.
The PDUU batch job can be modified as follows to allow the use of a stronger cipher when connecting to the ECUREP server.
//XXXXXXXX JOB
//SENDSFTP EXEC PGM=AMAPDUPL,REGION=0M,TIME=NOLIMIT
//SYSUT1 DD DISP=SHR,DSN=UID.DUMP.XXXX
//SYSPRINT DD SYSOUT=A
//DEBUG DD SYSOUT=A
//CEEOPTS DD *
ENVAR(GSK_V3_CIPHER_SPECS=3D38392F3233,GSK_PROTOCOL_TLSV1_2=1)
//SYSIN DD *
USERID=y
PASSWORD=x
TARGET_SYS=www.secure.ecurep.ibm.com
TARGET_DSN=UID.XXXX
WORK_DSN=UID.PDUU.WORKDSN
WORK_DSN_SIZE=100
CC_FTP=3
DIRECTORY=mvs
CASE=TSxxxxxxxxx
USE_HTTPS=Y
HTTPS_KEYRING=UID/RING-NAME
HTTPS_VERBOSE=Y
/*
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG90","label":"z\/OS"},"Component":"PDUU","Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"2.2;2.3;2.4","Edition":"","Line of Business":{"code":"LOB56","label":"Z HW"}}]
Was this topic helpful?
Document Information
Modified date:
10 February 2020
UID
ibm11136194