SECUREIMPLICITZOS (FTP client and server) statement

Use the SECUREIMPLICITZOS statement to specify when FTP should negotiate or expect the security handshake for TLSPORT implicitly secured connections.

Rules:
  • To enable a z/OS® FTP client to log into the z/OS FTP server using the protected port, specify the same SECUREIMPLICITZOS statement value and TLSPORT value for the client and server.
  • When using the implicit connection (FTP client is connecting to the port specified by the TLSPORT statement), some FTP servers expect to negotiate the security of the session immediately after the connection is issued. If you are initiating a secure session with such a server, code SECUREIMPLICITZOS FALSE in the client's FTP.DATA file.
  • Many non-z/OS FTP clients negotiate the security immediately after the connect and before the initial 220 reply is received from the server. To enable these clients to log into the z/OS FTP server's protected port, code SECUREIMPLICITZOS FALSE in the server's FTP.DATA file.
Server
The first reply that the FTP server sends to a client uses reply code 220. The reply is sometimes referred to as the good morning reply. The SECUREIMPLICITZOS statement specifies whether the server expects the TLS handshake to occur before or after it sends the initial reply 220.
Client
The SECUREIMPLICITZOS statement specifies when the client initiates the TLS handshake for connections to the TLSPORT (protected port). You can change this setting using the locsite subcommand.

Syntax

Read syntax diagramSkip visual syntax diagramSECUREIMPLICITZOS TRUESECUREIMPLICITZOSTRUEFALSE

Parameters

TRUE
This is the default.
Server
Specifies that the FTP server expects the security handshake to occur after it sends the reply 220.
Client
Specifies that the FTP client initiates the security handshake after the 220 (good morning) reply is received from the server.
FALSE
Server
Specifies that the FTP server expects the security handshake before it sends the reply 220.
Client
Specifies that the FTP client negotiates the security handshake immediately after the connection and before the initial 220 reply is received from the server.

Examples

To initiate an implicitly secured session between a z/OS FTP client and a z/OS FTP server, code the following statements in the FTP client and server FTP.DATA file: 
SECUREIMPLICITZOS  TRUE
You could also code the following statement in both the FTP client and server FTP.DATA file: 
SECUREIMPLICITZOS  FALSE
To initiate an implicitly secured session between a non-z/OS FTP client and a z/OS FTP server, code the following statement in the FTP server FTP.DATA file: 
SECUREIMPLICITZOS FALSE

Related topic