Diagnostic aids for AT-TLS support

Before you begin, you need to know that a packet trace can be taken to ensure that mail is encrypted before being sent. If packet traces show that encryption has occurred, but a specific packet is suspected of being unencrypted, set confLOG_LEVEL to a value greater than 9 and re-create the packet. If there were any errors in encryption, they are sent to syslog with LOG_ERR. After investigating a single packet, if you want to investigate whether SSL function calls were in error, use -d96.9 debug to check all return codes to gsk_xxx calls.

To analyze the reason individual System SSL function calls are in error, follow these steps:

  1. Set the /etc/mail/zOS.cf file GskTraceFile parameter to a file name to receive the System SSL trace.
  2. Rerun the command.
  3. Use the System SSL gsktrace command to create a readable copy of the trace information.

When you are done, you can use this trace information to analyze reasons individual System SSL function calls might be in error. For additional information, see z/OS Cryptographic Services System SSL Programming.

Parent topic: Diagnosing z/OS UNIX sendmail and popper problems