The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact email@example.com.
In anticipation of moving from v7.3 to v7.4 we're trying to see if any of our TLSV1.x conversations are lower than 1.2.
More than a year ago posts mentioned using the TRCINT to track SCKSSL uses. We ran that overnight and when we ended the trace it showed zero results.
TRCINT SET(*ON) TRCTBL('SSL-1700x') SIZE(512 *MB) TRCFULL(*STOPTRC) TRCTYPE(*SCKSSL) SLTTRCPNT((17000 17009))
TRCCNN SET(*OFF) TRCTBL('SSL-1700x') OUTPUT(*STMF) TOSTMF('/MYDIR/TRACES/SSL1700' *YES)
More recently we found a link showing how to use the SSLCONFIG macro, which very nicely counts the number of uses for the various SSL/TLS connections, including a few for TLSV1.0.
From <https://www.ibm.com/support/pages/ibm-i-viewing-system-ssl-sslconfig-macro> Finding the SSLCONFIG macro
From <https://www.ibm.com/docs/en/i/7.3?topic=system-ssltls-protocol-version-counters> Options &c for the SSLCONFIG macro
System Values: QSSLCSL contains the system-provided list. QSSLCSLCTL = *OPSYS. QSSLPCL = *OPSYS
QAUDLVL2 includes *NETSCK and *NETSECURE
Then we extract the QAUDJRN journal entries that should include the TLSV1.0 connection, and the job name that uses it. Should.
DSPJRN JRN(QSYS/QAUDJRN) RCVRNG(*CURCHAIN) FROMTIME(071322 130000) TOTIME
(071322 152200) ENTTYP(SK) OUTPUT(*OUTFILE) OUTFILFMT(*TYPE5) OUTFILE(TESTLIB/SKXACTS6) ENTDTALEN(*CALC)
Using SQL to peek at field JOESD position 1700+/- in the resulting file, we can see the 1.2 and 1.3 connections, but no 1.0, even though the SSLCONFIG macro has counted 1 or more (a dozen or so overnight).
select * from testlib/skxacts6 where JOESD like '%TLS%'
I have the feeling the SSLCONFIG macro is looking somewhere other than position 1700+/- to count a 1.0 connection, or else the audit log is not including everything!
Can anyone point me towards the audit entries for TLSV1.0?
Paul E Musselman
As an Amazon Associate we earn from qualifying purchases.