B-10691 

All 

UAGSRV 
UFTP 

Add explicit FTPS (FTPES) support to UFTP. 

Enables transfers using TLS/SSL over connection to standard FTP port 21, provided the FTP server supports it. 

To request TLS/SSL from a Remote File Transfer or Remote File Monitor task, select the FTP protocol and prepend ftpes:// to the FTP server host name or IP address (e.g., ftpes://somehost). If the FTP server has enabled TLS/SSL support, the connection will proceed using encrypted communication. If TLS/SSL support is NOT enabled, a plain text session/transfer is done. 

The UFTP ENABLE_SSL configuration option (default:no) is provided to always request a TLS/SSL session, eliminating the need to specify the ftpes:// prefix. 

The UFTP AUTHENTICATE_PEER configuration option (default: no) is provided to control FTP server certificate authentication. When set to “yes”, the UFTP CA_CERTIFICATES configuration option must specify a CA certificate that can authenticate the FTP server’s certificate. 

B-13316 

Unix (except HP-UX) 
Windows 

UFTP 

Update SSH Key Exchange and Cipher support for SFTP transfers.  

Provides better compatibility with default OpenSSH configurations, by making the following changes to supported key exchange methods: 

Added: 

• ecdh-sha2-nistp521 
• ecdh-sha2-nistp384 
• ecdh-sha2-nistp256 
• curve25519-sha26
  

Removed: 

• diffie-helman-group-exchange-sha 
• diffie-helman-group14-sha1 
• diffie-helman-group1-sha1
  

The diffie-helman-group-exchange-sha256 key exchange method was left unchanged. 

Support for the following ciphers was added: 

• AES-256-CTR 
• AES-192-CTR 
• AES-128-CTR
  

Support for the following ciphers was left unchanged: 

• AES-256-GCM 
• AES-128-GCM 
• AES-256-CBC 
• AES-192-CBC 
• AES-128-CBC 

D-10435 

Windows 

UCMD 
UCTL 
UDM 
UFTP 

Issue a configuration error when the DES-CBC-SHA cipher is specified from a Windows component. 

This cipher was deprecated in a previous release and since then, Agent server components would fail to negotiate a session with a manager component that only requested the DES-CBC-SHA cipher. However, the value itself should have been flagged during configuration processing and not presented to the server. 

D-10470 

Linux PPC 

All 

Prevent a crash during OpenSSL random number generation seeding observed on RHEL8 on a PowerPC system. 

D-10474 

z/OS 

UCMD 
UCTL 
UDM 
UEM 
UFTP 

Prevent a situation in which command line parameters provided via a SYSIN statement were ignored if they followed a password on the same line. 

For example, given the following: 

 //SYSIN DD * 
-userid uid -pwd password -level info 
/* 

 The -level option would be ignored unless moved to a separate line:
//SYSIN DD * 
-userid uid -pwd password 
-level info 
/*