[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: 5722AC3 in V5R2

To: <ftpapi@xxxxxxxxxxxxx>
Subject: RE: 5722AC3 in V5R2
From: "Ian Patterson" <ian@xxxxxxxxxxxxxxxxxxxx>
Date: Fri, 27 Aug 2004 11:30:22 +0100
Importance: Normal
In-reply-to: <20040826112420.G99261@grungy.dstorm.net>
Reply-to: ftpapi@xxxxxxxxxxxxx
Sender: owner-ftpapi@xxxxxxxxxxxxx

Sender: "Ian Patterson" <ian@xxxxxxxxxxxxxxxxxxxx>

Thanks for the info.

You guys are correct, my Customer is confused, dyxlexic, or both.
He had got CE3 as well as AC3 & didn't read the labels.

For your info, we have 3 sites (including us) using HTTPAPIR4 / SSL and none
have Client Encryption installed.
So I am pretty sure its not a pre-requisit for the API

Regards

Ian Patterson

ian@xxxxxxxxxxxxxxxxx <mailto:ian@xxxxxxxxxxxxxxxxx>

Grange IT Limited
tel 01947 880458
www.grangesystems.com



-----Original Message-----
From: owner-ftpapi@xxxxxxxxxxxxx [mailto:owner-ftpapi@xxxxxxxxxxxxx]On
Behalf Of Scott Klement
Sent: 26 August 2004 17:34
To: ftpapi@xxxxxxxxxxxxx
Subject: Re: 5722AC3 in V5R2


Sender: Scott Klement <sk@xxxxxxxxxxxxxxxx>

> We use the HTTPAPIR4 utility with our client program connecting to a
remote
> secure server via SSL.
> All testing has been done at V5R1M0, and 5722AC3 ships on one CD

Hmmm... I skipped V5R1, but both V4R5 and V5R2 came on two CDs.  They are:

   5722-AC3 Crypto Access Provider 128-bit for AS/400
   5722-CE3 Client Encryption 128-bit


> One of my Customers has just ordered AC3 for V5R2M0, and it has come on
two
> CD's.  One for client, and one for server.

I think you're getting your wires crossed somewhere. There's no specific
"server" one... there's Client Encryption and Crypto Access Provider.
(Unless that has changed since I installed the V5R2 version in April?)

I don't know whether you need to install both,

> I <assume> we only need the client version.
> Has anyone gone down this route yet? & why two versions ??

Here's a quote from the Information Center on the prerequisites for using
SSL on the iSeries:


SSL Prerequisites:

    * IBM Digital Certificate Manager (DCM), option 34 of OS/400 (5722-SS1)
    * TCP/IP Connectivity Utilities for iSeries (5722-TC1)
    * IBM HTTP Server for iSeries (5722-DG1)
    * If you are trying to use the HTTP server to use the DCM, be sure you
have the IBM Developer Kit for Java(TM) (5722-JV1) installed, or the HTTP
admin server will not start.
    * The IBM Cryptographic Access Provider product, 5722-AC3 (128-bit).
The bit size for this product indicates the maximum size of the secret
material within the symmetric keys that can be used in cryptographic
operations. The size allowed for a symmetric key is controlled by the
export and import laws of each country. A higher bit size results in a
more secure connection.
    * You may also want to install cryptographic hardware to use with SSL
to speed up the SSL handshake processing. As of release V5R2M0, the
following cryptographic hardware options are available to you, for use
with your iSeries server:
          o 2058 Cryptographic Accelerator (Hardware Feature code 4805)
          o 4758 Cryptographic Coprocessor (Hardware Feature codes 4801 or
4802)

      If you want to install cryptographic hardware, you must also install
Option 35, the Cryptographic Service Provider.

If you want to use SSL with any iSeries Access for Windows or IBM Toolbox
for Java component you must also install the iSeries Client Encryption
product, 5722-CE3 (128-bit). iSeries Access for Windows needs this product
in order to establish the secure connection.

Note:
    You do not need to install a Client Encryption Product to use the
PC5250 emulator that is shipped with the Personal Communications product.
Personal Communications has its own built-in encryption code.


The quote is from the following page:
http://publib.boulder.ibm.com/iseries/v5r2/ic2924/info/rzain/rzainplanssl.ht
m

To me, it sounds like the "Client Encryption" is *NOT* needed for HTTPAPI.
However, I've never tried it without Client Encryption installed.

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------


-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------

References:
- Re: 5722AC3 in V5R2
  - From: Scott Klement

Prev by Date: Re: 5722AC3 in V5R2
Next by Date: Re: FTPAPI
Previous by thread: Re: 5722AC3 in V5R2
Next by thread: Re: 5722AC3 in V5R2
Index(es):
- Date
- Thread