That is a really interesting question. In my case we only allow specific TLS/SSL versions, but if you have *OPSYS in play the system would allow any supportable version. So if you are on V7R1, the only supported versions are TLSV1.2, TLSV1.1, TLSV1, SSLV2, SSLV3... so it has to be one of those. The specific answer to your question could deviate depending on the client software making use of SSL. For example, suppose you are using MQv7, which supports TLSV1 and SSLV3. When the SSL-enabled client channel initiates a "message send" to the receiver channel, the very first thing that happens is an SSL handshake. IIRC the handshake process includes a step where the client and server negotiate the SSL version and preferred cipher suite based on client preference and server support. Other SSL-enabled software stacks like Connect Direct, FTP, and telnet may support different SSL/TLS versions depending on the software release level, of course.
So what SSL-enabled software are you concerned about?
***********************************
Bradford Lovelady
Operating Systems Engineer
Technology Infrastructure Services
Wells Fargo Bank l 200 Wildwood Pkwy l Birmingham, AL 35209
MAC W2691-010
Tel 205-938-1999 l Cell 205-826-2834
brad.lovelady@xxxxxxxxxxxxxx
Wells Fargo Confidential
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Paul Fenstermacher
Sent: Thursday, May 23, 2013 1:12 PM
To: Midrange Systems Technical Discussion
Subject: RE: SSL with iSeries Access
Thanks, that helps. We're using *OPSYS with a few specified in QSSLCSL. Is there a way to find out which SSL version a connection is using?
Paul Fenstermacher | Sys/NW Admin,Sr | Corporate Systems - POWER Systems Administration | Jack Henry & Associates, Inc.®
663 West Highway 60 | Monett, MO 65708 | Ph. 417.235.6652 | x177389 | pfenstermacher@xxxxxxxxxxxxx
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of brad.lovelady@xxxxxxxxxxxxxx
Sent: Thursday, May 23, 2013 12:30 PM
To: midrange-l@xxxxxxxxxxxx
Subject: RE: SSL with iSeries Access
Check your system value (assuming you are on >= V6R1) QSSLPCL. If it's set to the default, which is *OPSYS, that means you are allowing any TLS/SSL version supported by that particular OS release level. Otherwise that value can be manually altered to only allow specific TLS/SSL versions.
If the auditor meant to ask about supported CIPHER suites then check system value QSSLCSL instead.
***********************************
Bradford Lovelady
Operating Systems Engineer
Technology Infrastructure Services
Wells Fargo Bank l 200 Wildwood Pkwy l Birmingham, AL 35209 MAC W2691-010 Tel 205-938-1999 l Cell 205-826-2834
brad.lovelady@xxxxxxxxxxxxxx
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Paul Fenstermacher
Sent: Thursday, May 23, 2013 10:47 AM
To: Midrange Systems Technical Discussion (midrange-l@xxxxxxxxxxxx)
Subject: SSL with iSeries Access
How can I find out what version of SSL is being used with iSeries Access connections? PCI auditor inquiry.
Paul Fenstermacher | Sys/NW Admin,Sr | Corporate Systems - POWER Systems Administration | Jack Henry & Associates, Inc.®
663 West Highway 60 | Monett, MO 65708 | Ph. 417.235.6652 | x177389 | pfenstermacher@xxxxxxxxxxxxx
NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information.
Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-l.
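Added example, not part of the original thread: for SSLv3 through TLS 1.2, the protocol version and cipher suite chosen in the handshake described above travel unencrypted in the server's ServerHello, so a packet capture of one connection shows what that connection negotiated. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Wire encoding (major, minor) of the versions named in the thread.
VERSIONS = {(3, 0): "SSLV3", (3, 1): "TLSV1", (3, 2): "TLSV1.1", (3, 3): "TLSV1.2"}

def parse_server_hello(record: bytes):
    """Return (protocol_name, cipher_suite_id) from one raw ServerHello record.

    Covers SSLv3 through TLS 1.2; SSLv2 uses a different record layout.
    """
    if len(record) < 5:
        raise ValueError("truncated record header")
    # The record-layer version is ignored: the negotiated one is in the body.
    content_type, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    if content_type != 22:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4:
        raise ValueError("truncated record body")
    if body[0] != 2:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # server_version (2) + random (32) + session_id length (1)
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ServerHello")
    version = (hello[0], hello[1])
    offset = 35 + hello[34]          # skip the variable-length session_id
    if len(hello) < offset + 3:      # cipher suite (2) + compression (1)
        raise ValueError("truncated ServerHello")
    (cipher_suite,) = struct.unpack("!H", hello[offset:offset + 2])
    return VERSIONS.get(version, "unknown %d.%d" % version), cipher_suite

def build_sample(version, cipher_suite):
    """Build a constructed ServerHello record (zero random, empty session_id)."""
    hello = bytes(version) + bytes(32) + b"\x00" + struct.pack("!H", cipher_suite) + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake

# Constructed sample: TLSV1 with TLS_RSA_WITH_AES_128_CBC_SHA (0x002F).
SAMPLE = build_sample((3, 1), 0x002F)

if __name__ == "__main__":
    name, suite = parse_server_hello(SAMPLE)
    print("negotiated %s, cipher suite 0x%04X" % (name, suite))
```

The result can be compared against the protocols allowed by QSSLPCL and the suites listed in QSSLCSL.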