× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. February 2020

Re: Re: Secure FTP (FTPS) battle when moving to V7R4

Thanks for asking.

I had to leave early on Friday and am just getting back to this.

I've got some people verifying things with the vendor and also, new information that the firewall was replaced at the same time the server was replaced is coming to light.

As soon as I have new information, either success or more questions, I'll post.

On 2/17/2020 6:45 AM, B Stone wrote:
Troy, any word on this?

On Fri, Feb 14, 2020 at 12:04 PM B Stone <bvstone@xxxxxxxxx> wrote:

I've only ever seen -16 when the wrong port is used trying to connect to
an SSL/TLS system.

For example, if you try to use SSL to connect to port 80 on a web site,
that is the error you will get.

Seems FTP client is using the old IBM SSL APIs as well. According to IBM
they are legacy and don't support SNI either.

On Fri, Feb 14, 2020 at 11:40 AM Troy Hyde <troy.hyde@xxxxxxxxxxx> wrote:

Thanks Stefan & Justin but I think/hope we've gotten beyond the cipher
suite part.

A trace on the server side's connection indicates that they are seeing the
cipher negotiation and accepting a cipher.

We're fighting the -16 (peer system is not recognized) issue right now.






---------- Forwarded message ----------
From: Stefan Tageson <Stefan.Tageson@xxxxxxxx>
To: Midrange Systems Technical Discussion <
midrange-l@xxxxxxxxxxxxxxxxxx>
Cc:
Bcc:
Date: Fri, 14 Feb 2020 14:17:17 +0000
Subject: RE: Secure FTP (FTPS) battle when moving to V7R4
Hi,
This is how it looks like in an lpar not far from here 😊
V7R4:
Sequence Cipher
number Suite
0
10 *AES_128_GCM_SHA256
20 *AES_256_GCM_SHA384
30 *CHACHA20_POLY1305_SHA256
40 *ECDHE_ECDSA_AES_128_GCM_SHA256
50 *ECDHE_ECDSA_AES_256_GCM_SHA384
60 *ECDHE_RSA_AES_128_GCM_SHA256
70 *ECDHE_RSA_AES_256_GCM_SHA384

The first three lines are new, the others are found in V7R3 as well.

V7R3:
0
10 *ECDHE_ECDSA_AES_128_GCM_SHA256
20 *ECDHE_ECDSA_AES_256_GCM_SHA384
30 *ECDHE_RSA_AES_128_GCM_SHA256
40 *ECDHE_RSA_AES_256_GCM_SHA384
50 *RSA_AES_128_GCM_SHA256
60 *RSA_AES_256_GCM_SHA384
70 *ECDHE_ECDSA_AES_128_CBC_SHA256
80 *ECDHE_ECDSA_AES_256_CBC_SHA384
90 *ECDHE_RSA_AES_128_CBC_SHA256
100 *ECDHE_RSA_AES_256_CBC_SHA384

From line 50 and below have not made it thru V7R4

TLS 1.0 and TLS 1.1 are disabled out of a V7R4-box.

Best regards

stefan.tageson@xxxxxxxx
M +46 732 369934



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.