Just love those W.A.D. answers. The correct long form should often be "Working as designed by some idiot with no concept of how things are used in the real world".

...Neil

"Steve Glanstein" <mic@aloha.com>
Sent by: midrange-l-admin@midrange.com
2001/08/13 16:05
Please respond to midrange-l

To: "mr" <midrange-l@midrange.com>
cc:
Subject: Re: SSL and Firewall Fun

Hello all:

Current status from IBM..."working as designed." A design change request is needed. Here's the info...

Steve Glanstein
mic@aloha.com

APAR#:       SA84062
Component:   5769XE100 - CA/400 - TCP W95
Release(s):  R440

Abstract

CA400EXP-SSL-INCORROUT CLIENT ACCESS EXPRESS SSL CONNECTION, IF INITIATED FROM PC5250, FLOWS SIGNON & CENTRAL OVER NONSSL PORTS.

Error Description

******* (Do NOT alter/erase this or next 3 lines) *******
* EQUIVALENT ABSTRACT: CA400EXP-SSL-INCORROUT CLIENT ACCESS EXPRESS SSL CONNECTION_ IF INITIATED FROM PC5250_ FLOWS SIGNON & CENTRAL OVER NONSSL PORTS

Even though Client Access Express for Windows is set for all conversations to be encrypted over SSL conversations, if the connection is initiated from PC5250 the signon and central server conversations flow over their non-SSL ports. If the connection is initiated elsewhere (data transfer, Ops Nav, etc) the servers communicate over their SSL ports. If the PC is communicating through a firewall and the firewall filter was written to only pass the SSL Client Access ports, this could cause the connection to fail with msgCWBSY1000.

Problem Summary

Even though Client Access Express for Windows is set for all conversations to be encrypted over SSL conversations, if the connection is initiated from PC5250, the signon and central server conversations flow over their non-SSL ports. If the connection is initiated elsewhere (data transfer, Ops Nav, etc), the servers communicate over their SSL ports.

Problem Conclusion

For PC5250 session connecting over port 992 to OS/400 V4R4M0 or above, the license and security flows will now flow over the SSL ports. For pre-V4R4M0 systems, license and security for a PC5250 session will flow over the non-SSL ports. The exception would be the first time a connection is made to an AS/400. At that time, if the host release level is not known, license and security will flow over the non-SSL ports.

Temporary Fix

Comments

Circumvention

None.

PTFs Available

R440 SF60698 0035

Affected Modules

ROCSMGR

Affected Publications

Summary Information

Status:                 CLOSED PER
Severity:               2
HIPER:                  No
PIN:                    Yes
Reported Component:     5769XE100
Fixed Component:        5769XE100
Failing Module:         ROCSMGR
Reported Release:       R440
Reported Release PTF:   SF65706
Latest Release PTF:     SF62213
FESN:                   0905820
Duplicate Of:

IBM disclaims all warranties, whether express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright (c) 1994, 1995, 1996,1997,1998 IBM Corporation. Any trademarks and product or brand names referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
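Added example, not part of the original post or the APAR: a check over firewall connection logs for the behaviour the APAR describes, where a client opens an SSL 5250 session on port 992 but its signon and central server flows go to the non-SSL ports. Port 992 comes from the APAR; ports 8470 and 8476 are assumed to be the standard non-SSL central and signon host-server ports, and the log format and addresses are constructed.

```python
from collections import defaultdict

TELNET_SSL = 992  # SSL 5250 port named in the APAR
# Assumption: standard non-SSL host-server ports (not listed in the APAR).
PLAIN = {8470: "central", 8476: "signon"}

# Constructed sample log, one connection per line: "epoch src dst dport action"
SAMPLE_LOG = """\
1000 10.0.0.5 192.0.2.10 992 ALLOW
1001 10.0.0.5 192.0.2.10 8476 DENY
1002 10.0.0.5 192.0.2.10 8470 DENY
2000 10.0.0.6 192.0.2.10 992 ALLOW
2001 10.0.0.6 192.0.2.10 9476 ALLOW
2002 10.0.0.6 192.0.2.10 9470 ALLOW
3000 10.0.0.7 192.0.2.10 8476 ALLOW
"""

def parse(log):
    """Yield (ts, src, dst, dport, action) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit() or not parts[3].isdigit():
            continue
        ts, src, dst, dport, action = parts
        yield int(ts), src, dst, int(dport), action

def find_cleartext_leaks(log, window=30):
    """Flag (src, dst) pairs that opened telnet-SSL and, within `window`
    seconds, also tried a non-SSL signon or central connection."""
    events = list(parse(log))
    ssl_seen = defaultdict(list)
    for ts, src, dst, dport, _ in events:
        if dport == TELNET_SSL:
            ssl_seen[(src, dst)].append(ts)
    findings = []
    for ts, src, dst, dport, action in events:
        near_ssl = any(abs(ts - t) <= window for t in ssl_seen[(src, dst)])
        if dport in PLAIN and near_ssl:
            findings.append((src, dst, PLAIN[dport], dport, action))
    return findings

if __name__ == "__main__":
    for f in find_cleartext_leaks(SAMPLE_LOG):
        print("%s -> %s: %s server on non-SSL port %d (%s)" % f)
```

A DENY finding matches the firewall failure described in the APAR; an ALLOW finding means the signon or central flow crossed the firewall outside SSL.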