BTW, I agree with Larry wholeheartedly. You need to get off 7.1.
Steve Pitcher
iTech Solutions
Office: (203) 744-7854 Ext. 176
Mobile: (902) 301-0810
http://www.itechsol.com
http://www.iInTheCloud.com
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Steve Pitcher
Sent: Friday, March 2, 2018 12:26 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>; DrFranken <midrange@xxxxxxxxxxxx>
Subject: RE: enabling TLS 1.2 on iseries
Four should work if you have TLS12 enabled. 2 if not.
Steve Pitcher
iTech Solutions
Office: (203) 744-7854 Ext. 176
Mobile: (902) 301-0810
http://www.itechsol.com
http://www.iInTheCloud.com
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of tim
Sent: Friday, March 2, 2018 12:01 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>; DrFranken <midrange@xxxxxxxxxxxx>
Subject: Re: enabling TLS 1.2 on iseries
Dang, hole is getting deeper. Here is what i have found about ciphers:
Cybersource:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp384r1 (eq. 7680 bits RSA) FS128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp384r1 (eq. 7680 bits RSA) FS128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp384r1 (eq. 7680 bits RSA) FS256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp384r1 (eq. 7680 bits RSA) FS256 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256
QSSLCSL
*RSA_AES_128_CBC_SHA
*RSA_RC4_128_SHA
*RSA_RC4_128_MD5
*RSA_AES_256_CBC_SHA
*RSA_3DES_EDE_CBC_SHA
*RSA_DES_CBC_SHA
*RSA_EXPORT_RC4_40_MD5
*RSA_EXPORT_RC2_CBC_40_MD5
*RSA_RC2_CBC_128_MD5
*RSA_3DES_EDE_CBC_MD5
*RSA_DES_CBC_MD5
*RSA_NULL_SHA
*RSA_NULL_MD5
On 3/2/2018 10:47 AM, DrFranken wrote:
Tim,
Be aware that though TLS 1.2 appears there you may not have the
needed ciphers available to support your bank's connection anyway. If
they are not there now (and as I suggest they likely aren't) they
never will be.
I am not kidding when I say "START PLANNING FOR i 7.2 or newer
IMMEDIATELY" as these ciphers are available in the current releases.
- Larry "DrFranken" Bolhuis
www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.
On 3/2/2018 10:20 AM, tim wrote:
We are on v7r1.
our credit card company (cybersource) is dropping anything lower then
TLS1.2.
Im following directions by ibm at
https://www-01.ibm.com/support/docview.wss?uid=nas8N1019971.
When i try to add the value to QSSLPCL "*TLSV1.2", i get system value
not allowed error. WRKPTFGRP SF99707 shows its installed (level 11).
Can anyone help with this?
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related questions.
Help support midrange.com by shopping at amazon.com with our affiliate link:
http://amzn.to/2dEadiD
As an Amazon Associate we earn from qualifying purchases.