In System I Navigator, open the properties for the machine you are connecting to, select the Secure Sockets tab, click the Verify SSL Connection, when the window opens that is verifying, click open the first entry in the Status: box with a + and down in the messages will be a CWBCO1030 Message. Connecting from my bank to the Allen DC I get the following:
CWBO1030 - SSL version TLSV1 was used and cipher suite 2F selected
CWB01056 - FIPS mode is active for this connection
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Paul Fenstermacher
Sent: Thursday, May 23, 2013 11:12
To: Midrange Systems Technical Discussion
Subject: RE: SSL with iSeries Access
Thanks, that helps. We're using *OPSYS with a few specified in QSSLCSL, is there a way to find out which SSL version a connection is using?
Paul Fenstermacher | Sys/NW Admin,Sr | Corporate Systems - POWER Systems Administration | Jack Henry & Associates, Inc.®
663 West Highway 60 | Monett, MO 65708 | Ph. 417.235.6652 | x177389 | pfenstermacher@xxxxxxxxxxxxx
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of brad.lovelady@xxxxxxxxxxxxxx
Sent: Thursday, May 23, 2013 12:30 PM
To: midrange-l@xxxxxxxxxxxx
Subject: RE: SSL with iSeries Access
Check your system value (assuming you are on >= V6R1) QSSLPCL. If it's set to default which is *OPSYS that means you are allowing any TSL/SSL version supported by that particular OS release level. Otherwise that value can be manually altered to only allow specific TLS/SSL versions.
If the auditor meant to ask about supported CIPHER suites then check system value QSSLCSL instead.
***********************************
Bradford Lovelady
Operating Systems Engineer
Technology Infrastructure Services
Wells Fargo Bank l 200 Wildwood Pkwy l Birmingham, AL 35209 MAC W2691-010 Tel 205-938-1999 l Cell 205-826-2834
brad.lovelady@xxxxxxxxxxxxxx
Wells Fargo Confidential
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Paul Fenstermacher
Sent: Thursday, May 23, 2013 10:47 AM
To: Midrange Systems Technical Discussion (midrange-l@xxxxxxxxxxxx)
Subject: SSL with iSeries Access
How can I find out what version of SSL is being used with iSeries Access connections? PCI auditor inquiry.
Paul Fenstermacher | Sys/NW Admin,Sr | Corporate Systems - POWER Systems Administration | Jack Henry & Associates, Inc.(r)
663 West Highway 60 | Monett, MO 65708 | Ph. 417.235.6652 | x177389 | pfenstermacher@xxxxxxxxxxxxx<mailto:pfenstermacher@xxxxxxxxxxxxx>
NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information.
Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-l.
NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information.
Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-l.
************************************************************************
This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or taking any action based on it, is strictly prohibited.
***********************************************************************
As an Amazon Associate we earn from qualifying purchases.