× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. February 2020

Secure FTP (FTPS) battle when moving to V7R4

Sometimes something is so far out of your wheelhouse that you are not even
sure what you don’t know that you don’t know. When that’s the case but
you’re the one in the building that knows the most about it, it become
comic.



We have a client that upgraded their server (a whole new box.) They went
from V7R1 to V7R4 and we have been unable to get a secure FTP connection
(that was working before) working now.



For this process we use the command line FTP feature. FTP
RMTSYS('xxx.xxx.xxx.xxx') SECCNN(*SSL). We have setup the digital
certificate manager settings so the IBM i TCP/IP FTP Client is configured
as closely as possible to the way it was setup on the old box. The
connection’s certificates are included in the CA Trust List and the Cipher
suites seem to be correclty defined.

When we attempt to connect, we get connected and then immediately
disconnected:

Connecting to remote host 198.217.221.3 using port 21.

220-FTP 13:29:00 on 2020-02-14.

220--------------------------------------------------------------------

220-This is a restricted system and is for the express use by authorized

220-personnel only. Unauthorized attempts to defeat or circumvent

…… continues for a while

220--------------------------------------------------------------------

220 Connection will close if idle for more than 12 minutes.

AUTH TLS

234 Security environment established - ready for negotiation

Secure connection error, return code -16.



For the longest time we were then getting

Secure connection error, return code -1.

Help indicates: “Secure Sockets Layer (SSL) function SSL_Handshake returned
code -1: No ciphers available or specified.”



After a lot delete and create of stores and self-signed certificates,
configuring the application to use the supported suites, changing of QSSL*
system values and a thousand other combinations of attempts, it appears the
proper cipher suite is now being used. We are now getting code -16 instead.
16 is described as “The peer system is not recognized.”



First I’m not sure if this means that they are disconnecting us because
they don’t recognize us or we are disconnecting them because we don’t trust
them.



Secondly, any suggestions for where in the world we go from here?


Troy Hyde

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.