Roberto,
The fix is removing TLSv1.3 as the default, TLSv1.2 will now be the default. Some hardware/software in the equation is not handling TLSv1.3.
This worked for us.
Paul
From: Roberto José Etcheverry Romero <yggdrasil.raiker@xxxxxxxxx>
Sent: Thursday, July 30, 2020 12:11 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Cc: Steinmetz, Paul <PSteinmetz@xxxxxxxxxx>
Subject: Re: 5250 SSL issue after latest PTF
________________________________
CAUTION: This email originated from outside of the PENCOR network. Do not click on any links or open attachments unless the sender is known, and the content is verified as safe.
________________________________
Paul,
If the fix is only adding protocols and ciphers, why would it be a problem? AFAIK most if not all programs do a handshake and compare compatible protocols/ciphers until they figure out what to use.
Roberto
On Thu, Jul 30, 2020 at 12:54 PM Steinmetz, Paul via MIDRANGE-L <midrange-l@xxxxxxxxxxxxxxxxxx<mailto:midrange-l@xxxxxxxxxxxxxxxxxx>> wrote:
I had other SSL issues related to latest PTFs.
TLSv1.3 enabled by default with latest PTFs.
Disable TLSv1.3
QSSLCSLCTL will be changed from *OPSYS to *USRDFN
QSSLPCL will be changed from *OPSYS to
:*TLSV1.2
*TLSV1.1
*TLSV1
TLSV1.3 ciphers also have to be removed from QSSLCSL
*AES_128_GCM_SHA256
*AES_256_GCM_SHA384
*CHACHA20_POLY1305_SHA256
*ECDHE_ECDSA_CHACHA20_POLY1305_SHA256
*ECDHE_RSA_CHACHA20_POLY1305_SHA256
Paul
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx<mailto:midrange-l-bounces@xxxxxxxxxxxxxxxxxx>> On Behalf Of kannan r
Sent: Thursday, July 30, 2020 11:48 AM
To: midrange-l@xxxxxxxxxxxxxxxxxx<mailto:midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: 5250 SSL issue after latest PTF
________________________________
CAUTION: This email originated from outside of the PENCOR network. Do not click on any links or open attachments unless the sender is known, and the content is verified as safe.
________________________________
Hi,
IBM I Access 5250 is not working after the latest PTF. Its throwing SSL error "CWBCO1034 - SSL error, function returned 25202" when connecting via port 992.
Normal port 23 is working fine. And via 992 port in ACS is working fine.
Any suggestions.
Thanks,
Kannan.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L@xxxxxxxxxxxxxxxxxx> To subscribe, unsubscribe, or change list options,
visit:
https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx>
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx<mailto:support@xxxxxxxxxxxxxxxxxxxx> for any subscription related questions.
Help support midrange.com<
http://midrange.com> by shopping at amazon.com<
http://amazon.com> with our affiliate link:
https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L@xxxxxxxxxxxxxxxxxx>
To subscribe, unsubscribe, or change list options,
visit:
https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx>
Before posting, please take a moment to review the archives
at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx<mailto:support@xxxxxxxxxxxxxxxxxxxx> for any subscription related questions.
Help support midrange.com<
http://midrange.com> by shopping at amazon.com<
http://amazon.com> with our affiliate link:
https://amazon.midrange.com
midrange.com
