I use TRCINT *SCKSSL.
Java related jobs excluded.
TRCINT SET(*ON) TRCTBL('SSL-1700x') SIZE(512 *MB) TRCFULL(*STOPTRC) TRCTYPE(*SCKSSL) SLTTRCPNT((17000 17009)).
TRCINT SET(*OFF) TRCTBL('SSL-1700X') OUTPUT(*PRINT)
I've enhanced the output by creating a PF and loading it from the output of the trace.
SSLVER CIPHER LIP RIP DNSNAM
TLSV1.2 TLS_RSA_WITH_AES_256_CBC_SHA2 10.X.XX.X 10.X.XXX.XX1 psirockatst01.pencor.com
TLSV1.0 TLS_RSA_WITH_AES_128_CBC_SHA 10.X.X.XXX 10.X.XX.XX psisystems02.pencor.com
SSLDAT SSLDAT A 8 1
SSLTIM SSLTIM A 15 9
SSLVER SSLVER A 10 24
CIPHER CIPHER A 30 34
LPORT LPORT A 5 64
LIP LIP A 30 69
RPORT RPORT A 5 99
RIP RIP A 30 104
JOBNAM JOBNAM A 10 134
JOBUSR JOBUSR A 10 144
JOBNUM JOBNUM A 6 154
I could send you the source if interested offline.
CPYSPLF FILE(QPCSMPRT) TOFILE(QGPL/SSLLOG) SPLNBR(*LAST) MBROPT(*REPLACE) CTLCHAR(*PRTCTL).
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Mike Cunningham
Sent: Wednesday, October 21, 2015 4:40 PM
To: Midrange Systems Technical Discussion
Subject: Looking for TLS 1.0 connections
We are in the planning stages of turning off TLS 1.0 support for FTP and TELNET on our V7.1 system. We did the research on how to turn it off and that part looks straightforward. We already have the old SSL support turned off. What we are concerned about is what client access clients might be running on older PCs (still running XP or Vista) that are currently connecting using TLS 1.0 because they don't support TLS 1.1 or 1.2. I was looking for a way to try and find out if we have that problem to worry about and if we do, how big of a problem it is. I looked into the Telnet exit point data and it can tell me if the connection is secure or non-secure but it does not appear to have what protocol a secure connection is using. (we have unsecure telnet and ftp turned off completely so I know all current connections are at least TLS 1.0). Is anyone aware of any way to find out the exact level of TLS a telnet or ftp session is running under?
Pennsylvania College of Technology
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l