


I know this, Rob. Not really my question.

For some reason the admin of a site seems to think the ciphers used by
their SSL certificate are the ciphers set up on their system (similar to
QSSLCSL system value), not the ciphers used in the actual SSL certificate.

I was asking if I was misunderstanding something about the SSL handshake,
or they were. :)

From how I understand it the client says "I can support these ciphers". If
the SSL certificate on the server uses those, it's ok. If not, it's an
error.

On the flip side, the list means nothing to the SSL certificate when doing
the handshake from the server side of things as the ciphers are part of the
certificate itself.

Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #10 <https://www.bvstools.com/mailtool.html>: Resend
Emails - When emails are sent using MAILTOOL Plus or another addon, those
emails are logged and you have the ability to resend them one by one, or as
a batch (ie, all unsent emails at once).

On Tue, May 19, 2020 at 12:24 PM Rob Berendt <rob@xxxxxxxxx> wrote:

Kind of lost the original thread. If this is a website you can go to
ssllabs.com and ask them to check out the site and tell you

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of B
Stone
Sent: Tuesday, May 19, 2020 1:03 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: GSKit SSL Handshake error 406 errno 3406


So, here's an interesting turn. The place that is using this certificate
we asked if they could update it so they are not using an obsolete cipher.
The main reason is that if they didn't, it would mean changing the
defaults of SSL on the system so we could modify the cipher list. Not
always a good idea (although all other systems seem to work with this
certificate).

They replied with a note saying that they support all these ciphers [insert
large list here] so it shouldn't be an issue.

I tried to explain that the list isn't what their SSL certificate is using
or is making available to clients connecting. That would be like me
showing a client the system value for QSSLCSL and saying that my SSL
website accepts all those ciphers, when in fact it's the certificate itself
that uses specific ciphers.

Am I missing something here, or is this just a miscommunication? I don't
think they understand how SSL handshakes work.. or maybe I don't! :)

Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #15 <https://www.bvstools.com/mailtool.html>: The ability
to add a Footer to each email sent using an IFS stream file.

On Mon, May 18, 2020 at 8:59 AM B Stone <bvstone@xxxxxxxxx> wrote:

Ok, I have verified by updating the SSL cipher list that this error was in
fact caused by an obsolete cipher. When I added the cipher to the list the
error disappeared.

We will be working with the admins of the endpoint to see if they are
willing to update their certificate.


Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #10 <https://www.bvstools.com/mailtool.html>: Resend
Emails - When emails are sent using MAILTOOL Plus or another addon, those
emails are logged and you have the ability to resend them one by one, or as
a batch (ie, all unsent emails at once).

On Tue, May 12, 2020 at 10:54 PM B Stone <bvstone@xxxxxxxxx> wrote:

I already have all that information from the Chrome inspection. I even
posted it in my reply to Scott.


On Tue, May 12, 2020 at 7:27 PM Jack Woehr <
jwoehr@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:

On Tue, May 12, 2020 at 5:50 PM B Stone <bvstone@xxxxxxxxx> wrote:


But I would need to know/look up which cipher(s) to enable to test my
theory. :)


To test the server and see what it is serving up for SSL:

https://www.ssllabs.com/ssltest/

--
Jack Woehr
Absolute Performance, Inc.
12303 Airport Way, Suite 100
Broomfield, CO 80021

NON-DISCLOSURE NOTICE: This communication including any and all
attachments is for the intended recipient(s) only and may contain
confidential and privileged information. If you are not the intended
recipient of this communication, any disclosure, copying further
distribution or use of this communication is prohibited. If you received
this communication in error, please contact the sender and delete/destroy
all copies of this communication immediately.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
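
Added example (not part of the original posts, and not IBM i or GSKit code): a simplified Python model of TLS 1.2 cipher-suite selection, in which the server picks from the overlap of the client's offered list and its own enabled list, and the certificate's key type only limits which of those suites the server can authenticate. The suite lists are constructed samples; the thread does not name the cipher involved.

```python
# Added example: simplified model of TLS 1.2 cipher-suite selection.
# Suite names are IANA names; the lists below are constructed samples.
from typing import List, Optional

def suite_auth(suite: str) -> str:
    """Certificate key type a TLS 1.2 suite needs (RSA or ECDSA).
    Covers RSA/DHE/ECDHE suites only; PSK and anonymous suites are out of scope."""
    key_exchange = suite.split("_WITH_")[0].split("_")[1:]  # drop "TLS"
    return key_exchange[-1]  # TLS_RSA_... -> RSA, TLS_ECDHE_ECDSA_... -> ECDSA

def negotiate(client: List[str], server: List[str], cert_key: str) -> Optional[str]:
    """First suite, in server preference order, that the client offered and the
    server certificate's key can authenticate. None models handshake_failure."""
    offered = set(client)
    for suite in server:
        if suite in offered and suite_auth(suite) == cert_key:
            return suite
    return None

def diagnose(client: List[str], server: List[str], cert_key: str) -> str:
    """Explain the outcome: no overlap, key-type mismatch, or the chosen suite."""
    common = [s for s in server if s in set(client)]
    if not common:
        return "no suite in common between client list and server list"
    chosen = negotiate(client, server, cert_key)
    if chosen is None:
        return "common suites need a different certificate key type"
    return "ok: " + chosen

# Constructed sample: an endpoint that only enables older static-RSA suites.
SERVER_ENABLED = ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]
# Constructed sample: a client whose default list holds only ECDHE/GCM suites.
CLIENT_DEFAULT = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                  "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"]
# Same client after one older suite is added to its list.
CLIENT_WIDENED = CLIENT_DEFAULT + ["TLS_RSA_WITH_AES_128_CBC_SHA"]
# Constructed sample: server enables both key types but holds an RSA certificate.
MIXED_SERVER = ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]

if __name__ == "__main__":
    print(diagnose(CLIENT_DEFAULT, SERVER_ENABLED, "RSA"))
    print(diagnose(CLIENT_WIDENED, SERVER_ENABLED, "RSA"))
    print(diagnose(["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"], MIXED_SERVER, "RSA"))
```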





This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
