This hit us about a month ago now. Clients using V6 of client access or older couldn't connect anymore. Upgrading to V7 fixed them. Still no plans for rolling out iAccess to everybody. Only myself and some other power users are on it so far :(
On Thu, 2020-07-30 at 16:12 -0300, Roberto José Etcheverry Romero wrote:
I understand. What I meant is that a PTF enabling TLSv1.3 shouldn't
interfere with anything. They should gracefully negotiate down to what they
do handle. As always not everything works as expected...
In any case it is good to know of these problems so as to avoid them (I do
have a customer that just enabled TLSv1.2 and I mentioned that as soons he
installs the latest PTF he could enable 1.3 as well, so I will warn them to
test before keeping 1.3 enabled).
Thanks
On Thu, Jul 30, 2020 at 2:32 PM Steinmetz, Paul <
<mailto:PSteinmetz@xxxxxxxxxx>
PSteinmetz@xxxxxxxxxx
wrote:
Roberto,
The fix is removing TLSv1.3 as the default, TLSv1.2 will now be the
default. Some hardware/software in the equation is not handling TLSv1.3.
This worked for us.
Paul
*From:* Roberto José Etcheverry Romero <
<mailto:yggdrasil.raiker@xxxxxxxxx>
yggdrasil.raiker@xxxxxxxxx
*Sent:* Thursday, July 30, 2020 12:11 PM
*To:* Midrange Systems Technical Discussion <
<mailto:midrange-l@xxxxxxxxxxxxxxxxxx>
midrange-l@xxxxxxxxxxxxxxxxxx
*Cc:* Steinmetz, Paul <
<mailto:PSteinmetz@xxxxxxxxxx>
PSteinmetz@xxxxxxxxxx
*Subject:* Re: 5250 SSL issue after latest PTF
------------------------------
CAUTION: This email originated from outside of the PENCOR network. Do not
click on any links or open attachments unless the sender is known, and the
content is verified as safe.
------------------------------
Paul,
If the fix is only adding protocols and ciphers, why would it be a
problem? AFAIK most if not all programs do a handshake and compare
compatible protocols/ciphers until they figure out what to use.
Roberto
On Thu, Jul 30, 2020 at 12:54 PM Steinmetz, Paul via MIDRANGE-L <
<mailto:midrange-l@xxxxxxxxxxxxxxxxxx>
midrange-l@xxxxxxxxxxxxxxxxxx
wrote:
I had other SSL issues related to latest PTFs.
TLSv1.3 enabled by default with latest PTFs.
Disable TLSv1.3
QSSLCSLCTL will be changed from *OPSYS to *USRDFN
QSSLPCL will be changed from *OPSYS to
:*TLSV1.2
*TLSV1.1
*TLSV1
TLSV1.3 ciphers also have to be removed from QSSLCSL
*AES_128_GCM_SHA256
*AES_256_GCM_SHA384
*CHACHA20_POLY1305_SHA256
*ECDHE_ECDSA_CHACHA20_POLY1305_SHA256
*ECDHE_RSA_CHACHA20_POLY1305_SHA256
Paul
-----Original Message-----
From: MIDRANGE-L <
<mailto:midrange-l-bounces@xxxxxxxxxxxxxxxxxx>
midrange-l-bounces@xxxxxxxxxxxxxxxxxx
On Behalf Of
kannan r
Sent: Thursday, July 30, 2020 11:48 AM
To:
<mailto:midrange-l@xxxxxxxxxxxxxxxxxx>
midrange-l@xxxxxxxxxxxxxxxxxx
Subject: 5250 SSL issue after latest PTF
________________________________
CAUTION: This email originated from outside of the PENCOR network. Do not
click on any links or open attachments unless the sender is known, and the
content is verified as safe.
________________________________
Hi,
IBM I Access 5250 is not working after the latest PTF. Its throwing SSL
error "CWBCO1034 - SSL error, function returned 25202" when connecting via
port 992.
Normal port 23 is working fine. And via 992 port in ACS is working fine.
Any suggestions.
Thanks,
Kannan.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email:
<mailto:MIDRANGE-L@xxxxxxxxxxxxxxxxxx>
MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe,
unsubscribe, or change list options,
visit:
<
https://lists.midrange.com/mailman/listinfo/midrange-l>
https://lists.midrange.com/mailman/listinfo/midrange-l
or email:
<mailto:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx>
MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
<
https://archive.midrange.com/midrange-l>
https://archive.midrange.com/midrange-l
.
Please contact
<mailto:support@xxxxxxxxxxxxxxxxxxxx>
support@xxxxxxxxxxxxxxxxxxxx
for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link:
<
https://amazon.midrange.com>
https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email:
<mailto:MIDRANGE-L@xxxxxxxxxxxxxxxxxx>
MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
<
https://lists.midrange.com/mailman/listinfo/midrange-l>
https://lists.midrange.com/mailman/listinfo/midrange-l
or email:
<mailto:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx>
MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
<
https://archive.midrange.com/midrange-l>
https://archive.midrange.com/midrange-l
.
Please contact
<mailto:support@xxxxxxxxxxxxxxxxxxxx>
support@xxxxxxxxxxxxxxxxxxxx
for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link:
<
https://amazon.midrange.com>
https://amazon.midrange.com
[
https://www.medtronsoftware.com/img/MedtronMinilogo.bmp] Kevin Bucknum
Senior Programmer Analyst
MEDDATA / MEDTRON
120 Innwood Drive
Covington LA 70433
Local: 985-893-2550
Toll Free: 877-893-2550
https://www.medtronsoftware.com
CONFIDENTIALITY NOTICE
This document and any accompanying this email transmission contain confidential information, belonging to the sender that is legally privileged. This information is intended only for the use of the individual or entity named above. The authorized recipient of this information is prohibited from disclosing this information to any other party and is required to destroy the information after its stated need has been fulfilled. If you are not the intended recipient, or the employee of agent responsible to deliver it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or action taken in reliance on the contents of these documents is STRICTLY PROHIBITED. If you have received this email in error, please notify the sender immediately to arrange for return or destruction of these documents.
midrange.com
