× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. WDSCI-L
  3. February 2017

Re: iSphere TN5250j SSL Problem

Hi Jack,

We should not put too much effort into this problem. I have no need for
connecting with SSL. I just had been ask for enabling SSL connections
and of course I wanted to test it.

Since it seems that the problem is a configuration problem, we should
close it. Maybe that someone somt times confirms that it works with WDSCi.

Thank you for your help.

Best Regards,

Thomas.

Am 20.02.2017 um 12:01 schrieb Jack Kingsley:
You should see what you have for your host side system values and what you
have configured etc in DCM. Sounds like maybe the lower level java is not
allowed in DCM with SSLV3.

https://www.ibm.com/developerworks/ibmi/library/i-system-ssl-ibmi/

http://archive.midrange.com/java400-l/201601/msg00013.html



On Sat, Feb 18, 2017 at 9:14 AM, Tools/400 <thomas.raddatz@xxxxxxxxxxx>
wrote:

I am not allowed to change the SSL setup on our IBM i nor on PUB400.com.

I downloaded TN5250j v0.6.0 (fairly old version) and I could connect to
pub400.com (SSLv3) when I start the emulator with Java 1.8. But when I
import the source code to WDSCi 7.0 and start the emulator from there,
the same errors occur.

So it must be a problem of Java 1.5 and 1.6 in conjunction with the SSL
setup on the IBM i.

Thomas.

Am 18.02.2017 um 11:48 schrieb Jack Kingsley:
Hmm... maybe the handshake on the host side is not working, do you have
correct ciphers and protocols setup on host side.

On Fri, Feb 17, 2017 at 3:55 PM, Tools/400 <thomas.raddatz@xxxxxxxxxxx>
wrote:

Jack,

I assume that you mean TLSv1.1 and TLSv1.2, right? I am not an SSL/TLS
expert but people often mix SSL and TLS. Wikipedia
(https://en.wikipedia.org/wiki/Transport_Layer_Security) mentions the
following protocols:

SSLv1.0
SSLv2.0
SSLv3.0
TLSv1.0
TLSv1.1
TLSv1.2
TLSv1.3

For TLSv1.1 and TLSv1.2, I get the "SSLContext not available" error:

24679 [Thread-10] INFO
org.tn5250j.framework.transport.SocketConnector -
Creating SSL [TLSv1.2] Socket
29032 [Thread-10] WARN org.tn5250j.framework.tn5250.tnvt -
connect() TLSv1.2 SSLContext not available
29032 [Thread-10] WARN org.tn5250j.framework.tn5250.tnvt -
I did not get a socket

46208 [Thread-12] INFO
org.tn5250j.framework.transport.SocketConnector -
Creating SSL [TLSv1.1] Socket
49140 [Thread-12] WARN org.tn5250j.framework.tn5250.tnvt -
connect() TLSv1.1 SSLContext not available
49140 [Thread-12] WARN org.tn5250j.framework.tn5250.tnvt -
I did not get a socket

But of course these protocols should also work, if possible.

Thomas.

Am 17.02.2017 um 20:03 schrieb Jack Kingsley:
Tom, I currently do not use this tool, but wouldn't you want it to work
for
SSLV1.2??

On Fri, Feb 17, 2017 at 1:56 PM, Tools/400 <thomas.raddatz@xxxxxxxxxxx

wrote:

Hi,

Today I uploaded iSphere 3.0.0.b009, which enables SSL for the TN5250j
emulator. It works fine for RDi 9.5 and Java 7, but it does not work
for
all other IDEs with Java 1.6 and lower.

For example I receive the following errors for WDSC 7.0:

TLSv1.1:

20280 [Thread-9] INFO org.tn5250j.framework.tn5250.tnvt -
new session -> TN5250J
20296 [Thread-10] INFO
org.tn5250j.framework.transport.SocketConnector -
Creating SSL [TLSv1.1] Socket
20296 [Thread-10] WARN org.tn5250j.framework.tn5250.tnvt -
connect() TLSv1.1 SSLContext not available
20296 [Thread-10] WARN org.tn5250j.framework.tn5250.tnvt -
I did not get a socket

TLS:

136532 [Thread-11] INFO org.tn5250j.framework.tn5250.tnvt -
new session -> TN5250J
136532 [Thread-12] INFO
org.tn5250j.framework.transport.SocketConnector -
Creating SSL [TLS] Socket
136594 [Thread-12] WARN org.tn5250j.framework.tn5250.tnvt -
connect() RSA premaster secret error
136594 [Thread-12] INFO org.tn5250j.framework.tn5250.tnvt -
Closing socket

SSLv3:

1025274 [Thread-13] INFO org.tn5250j.framework.tn5250.tnvt -
new session -> TN5250J
1025274 [Thread-14] INFO
org.tn5250j.framework.transport.SocketConnector -
Creating SSL [SSLv3] Socket
1025337 [Thread-14] WARN org.tn5250j.framework.tn5250.tnvt -
connect() Received fatal alert: protocol_version
1025337 [Thread-14] INFO org.tn5250j.framework.tn5250.tnvt -
Closing socket

SSLv2:

1076510 [Thread-15] INFO org.tn5250j.framework.tn5250.tnvt -
new session -> TN5250J
1076510 [Thread-16] INFO
org.tn5250j.framework.transport.SocketConnector -
Creating SSL [SSLv2] Socket
1076510 [Thread-16] WARN org.tn5250j.framework.tn5250.tnvt -
connect() SSLv2 SSLContext not available
1076510 [Thread-16] WARN org.tn5250j.framework.tn5250.tnvt -
I did not get a socket

I already tried installing the "unrestricted policy files" to solve
the
"RSA premaster secret error" as described here
"http://www-01.ibm.com/support/docview.wss?uid=swg21663373"; without
success. Maybe I did something wrong.

Maybe, that somebody of you can help solving the problem. I am stuck.

Regards,

Thomas.

--
This is the Rational Developer for IBM i / Websphere Development
Studio
Client for System i & iSeries (WDSCI-L) mailing list
To post a message email: WDSCI-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/wdsci-l
or email: WDSCI-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/wdsci-l.


--
This is the Rational Developer for IBM i / Websphere Development Studio
Client for System i & iSeries (WDSCI-L) mailing list
To post a message email: WDSCI-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/wdsci-l
or email: WDSCI-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/wdsci-l.


--
This is the Rational Developer for IBM i / Websphere Development Studio
Client for System i & iSeries (WDSCI-L) mailing list
To post a message email: WDSCI-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/wdsci-l
or email: WDSCI-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/wdsci-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.