Re: Using TLS1.2 with IBMi custom agent software -- MIDRANGE-L

Yes. Your client application needs to use socket APIs for any
communication. It does already, correct? If not, how is it
communicating? HTTPAPI? GETURI? SQL? Something else?

If SSL is required, then you need to use the SSL versions of those socket
APIs instead of the basic ones... and yes, the GSKit APIs.. IBM has
basically said they aren't updating the older SSL APIs any more.

It would probably be easier to rewrite the client app to use HTTPAPI or
GETURI as it's a little complicated.

On Wed, Nov 26, 2025 at 12:20 PM <smith5646midrange@xxxxxxxxx> wrote:

They are currently not using any encryption at all. It is clear text
only. They want to add TLS1.2 encryption.

You said "The SSL APIs used in the agent should handle all that". Since
there are currently no SSL APIs in the program, it sounds like the piece
that I have been missing in my search is that I need to add some SSL API
logic to the program. Is that a correct deduction?

I never thought about the TLS logic being API stuff (duh). Searching for
"IBMi TLS API", I see stuff about GSKit. Is that the direction that I need
to go for TLS1.2?

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Brad Stone
Sent: Wednesday, November 26, 2025 12:59 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Using TLS1.2 with IBMi custom agent software

So you're not using TLS if there's no encryption. If you're saying they
are wanting to use TLS, my answer still stands.

On Wed, Nov 26, 2025 at 11:17 AM <smith5646midrange@xxxxxxxxx> wrote:

Wow, I missed a key piece of info in that. Currently there is no
encryption. They are talking clear text.

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Brad Stone
Sent: Wednesday, November 26, 2025 12:15 PM
To: Midrange Systems Technical Discussion
<midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Using TLS1.2 with IBMi custom agent software

The SSL APIs used in the agent should handle all that. If you have
TLS set up properly and your QSSL* system values set up right and are
on V7R3 or above, the only thing you may need to do is import the CA
chain used by the certificate on the server.

On Wed, Nov 26, 2025 at 11:10 AM <smith5646midrange@xxxxxxxxx> wrote:

I have a client that has a custom server / agent software package.
The server runs on windows. The agent runs on the IBMi and some
other platforms. They want to add TLS1.2 protocol to the
communication and I have to do the IBMi side. I'm apparently not
googling with the right keywords because I'm not finding any details
on how to implement it. Are there code changes that need to be
made? It is just a different port and the encryption / decryption

automatically happens?

I'm lost. Can someone point me in the right direction for what
changes have to be made to the IBMi agent for TLS1.2? I'll take web
links, keywords for google searches, of anything else that get me
heading in the right direction. I am open to doing a teams meeting
if that would be easier. Just send me an offline request with times
that you are available.

Thanks in advance.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.