TLSV1.x Usage in anticipation of v7.4

In anticipation of moving from v7.3 to v7.4 we're trying to see if any of our TLSV1.x conversations are lower than 1.2.



More than a year ago posts mentioned using the TRCINT to track SCKSSL uses. We ran that overnight and when we ended the trace it showed zero results.



TRCINT SET(*ON) TRCTBL('SSL-1700x') SIZE(512 *MB) TRCFULL(*STOPTRC) TRCTYPE(*SCKSSL) SLTTRCPNT((17000 17009))



TRCCNN SET(*OFF) TRCTBL('SSL-1700x') OUTPUT(*STMF) TOSTMF('/MYDIR/TRACES/SSL1700' *YES)



More recently we found a link showing how to use the SSLCONFIG macro, which very nicely counts the number of uses for the various SSL/TLS connections, including a few for TLSV1.0.

From <https://www.ibm.com/support/pages/ibm-i-viewing-system-ssl-sslconfig-macro> Finding the SSLCONFIG macro

From <https://www.ibm.com/docs/en/i/7.3?topic=system-ssltls-protocol-version-counters> Options &c for the SSLCONFIG macro

System Values: QSSLCSL contains the system-provided list. QSSLCSLCTL = *OPSYS. QSSLPCL = *OPSYS

QAUDLVL2 includes *NETSCK and *NETSECURE



Then we extract the QAUDJRN journal entries that should include the TLSV1.0 connection, and the job name that uses it. Should.

DSPJRN JRN(QSYS/QAUDJRN) RCVRNG(*CURCHAIN) FROMTIME(071322 130000) TOTIME

(071322 152200) ENTTYP(SK) OUTPUT(*OUTFILE) OUTFILFMT(*TYPE5) OUTFILE(TESTLIB/SKXACTS6) ENTDTALEN(*CALC)



Using SQL to peek at field JOESD position 1700+/- in the resulting file, we can see the 1.2 and 1.3 connections, but no 1.0, even though the SSLCONFIG macro has counted 1 or more (a dozen or so overnight).

select * from testlib/skxacts6 where JOESD like '%TLS%'

I have the feeling the SSLCONFIG macro is looking somewhere other than position 1700+/- to count a 1.0 connection, or else the audit log is not including everything!



Can anyone point me towards the audit entries for TLSV1.0?


Thanks!

Paul E Musselman