|
I guess another option would be to switch to using node/php/python
for the data exchange. If I recall correctly they can be configured
to use any encryption method and do not have to rely on the system
supported ciphers.
But Steve's solution is the best - get the heck off that old release!
On May 1, 2020, at 4:00 PM, Steve Pitcher <SPitcher@xxxxxxxxxxxx>
wrote:
You gotta get off that POWER5 Spencer. New machine or go to the
cloud.
Or stick some sort of proxy server in front of it.
Steve Pitcher
iTech Solutions Group, LLC
p: (203) 744-7854 Ext. 176 | m: (902) 301-0810
www.itechsol.com | www.iInTheCloud.com
-----Original Message-----From: MIDRANGE-L [mailto:
midrange-l-bounces@xxxxxxxxxxxxxxxxxx] On Behalf Of
Carter.SpencerSent: Friday, May 1, 2020 2:44 PMTo:
MIDRANGE-L@xxxxxxxxxxxxxxxxxx
Subject: HTTPAPI and Ciphers on 7.1
We have an existing relationship with a vendor where we exchange
info with using HTTPAPI (ver 1.4). They are updating their
security to use TLS 1.2 and 256 encryption.Our Power5 is stuck at
OS 7.1 with no virtually no chance to be upgraded.I inherited this
process so I don't fully understand it so I wanted to run it by you
experts to verify we may need to find another system to communicate
with them.
Our QSSLPCL is:*TLSV1.2*TLSV1.1
Our QSSLCSL
is:*RSA_AES_256_CBC_SHA256*RSA_AES_128_CBC_SHA256*RSA_AES_128_CBC_S
HA*RSA_AES_256_CBC_SHA
The error I get when trying to communicate with them is:(GSKit)
Peer not recognized or badly formatted message
received.ssl_error(415): (GSKit) Peer not recognized or badly
formatted message received.
They say they are using openssl's 1.1.0 definition of ciphers
matching HIGH.They did give me a file of their ciphers and there
wasn't an exact match but these were the closest:SRP-RSA-AES-256-
CBC-SHASRP-RSA-AES-128-CBC-SHA
I was expecting a different error message if it was just our
ciphers not matching. Regardless, is there no hope to get this
working?
Spencer Carter--This is the Midrange Systems Technical Discussion
(MIDRANGE-L) mailing list To post a message email: MIDRANGE-
L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list
options,visit:
https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.
Help support midrange.com by shopping at amazon.com with our
affiliate link: https://amazon.midrange.com
-- This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing listTo post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,visit:
https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archivesat
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.
Help support midrange.com by shopping at amazon.com with our
affiliate link: https://amazon.midrange.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
