|
To rewrite the client to use HTTPAPI or GETURI, I'm assuming they would
need to rewrite the server (is that a valid assumption?) which I'm sure
they will not do because it communicates with other clients that would also
have to be rewritten.
The current logic is using procedures like
opnskt pr 10i 0 extproc('socket')
bind pr 10i 0 extproc('bind')
connect pr 10i 0 extproc('connect')
listen pr 10i 0 extproc('listen')
accept pr 10i 0 extproc('accept')
send pr 10i 0 extproc('send')
Since it is currently using the above procedures, is changing it to use
TLS1.2 via the IBMi APIs going to be really painful and time consuming (and
thus expensive) and I should try to talk them out of it?
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Brad Stone
Sent: Wednesday, November 26, 2025 1:28 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Using TLS1.2 with IBMi custom agent software
Yes. Your client application needs to use socket APIs for any
communication. It does already, correct? If not, how is it
communicating? HTTPAPI? GETURI? SQL? Something else?
If SSL is required, then you need to use the SSL versions of those socket
APIs instead of the basic ones... and yes, the GSKit APIs.. IBM has
basically said they aren't updating the older SSL APIs any more.
It would probably be easier to rewrite the client app to use HTTPAPI or
GETURI as it's a little complicated.
On Wed, Nov 26, 2025 at 12:20 PM <smith5646midrange@xxxxxxxxx> wrote:
They are currently not using any encryption at all. It is clear text--
only. They want to add TLS1.2 encryption.
You said "The SSL APIs used in the agent should handle all that".
Since there are currently no SSL APIs in the program, it sounds like
the piece that I have been missing in my search is that I need to add
some SSL API logic to the program. Is that a correct deduction?
I never thought about the TLS logic being API stuff (duh). Searching
for "IBMi TLS API", I see stuff about GSKit. Is that the direction
that I need to go for TLS1.2?
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Brad Stone
Sent: Wednesday, November 26, 2025 12:59 PM
To: Midrange Systems Technical Discussion
<midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Using TLS1.2 with IBMi custom agent software
So you're not using TLS if there's no encryption. If you're saying
they are wanting to use TLS, my answer still stands.
On Wed, Nov 26, 2025 at 11:17 AM <smith5646midrange@xxxxxxxxx> wrote:
Wow, I missed a key piece of info in that. Currently there is noautomatically happens?
encryption. They are talking clear text.
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf
Of Brad Stone
Sent: Wednesday, November 26, 2025 12:15 PM
To: Midrange Systems Technical Discussion
<midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Using TLS1.2 with IBMi custom agent software
The SSL APIs used in the agent should handle all that. If you have
TLS set up properly and your QSSL* system values set up right and
are on V7R3 or above, the only thing you may need to do is import
the CA chain used by the certificate on the server.
On Wed, Nov 26, 2025 at 11:10 AM <smith5646midrange@xxxxxxxxx> wrote:
I have a client that has a custom server / agent software package.
The server runs on windows. The agent runs on the IBMi and some
other platforms. They want to add TLS1.2 protocol to the
communication and I have to do the IBMi side. I'm apparently not
googling with the right keywords because I'm not finding any
details on how to implement it. Are there code changes that need
to be made? It is just a different port and the encryption /
decryption
--I'm lost. Can someone point me in the right direction for what--
changes have to be made to the IBMi agent for TLS1.2? I'll take
web links, keywords for google searches, of anything else that get
me heading in the right direction. I am open to doing a teams
meeting if that would be easier. Just send me an offline request
with times that you are available.
Thanks in advance.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email:
MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change
list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
