|
You should see what you have for your host side system values and what you
have configured etc in DCM. Sounds like maybe the lower level java is not
allowed in DCM with SSLV3.
https://www.ibm.com/developerworks/ibmi/library/i-system-ssl-ibmi/
http://archive.midrange.com/java400-l/201601/msg00013.html
On Sat, Feb 18, 2017 at 9:14 AM, Tools/400 <thomas.raddatz@xxxxxxxxxxx>
wrote:
I am not allowed to change the SSL setup on our IBM i nor on PUB400.com.
I downloaded TN5250j v0.6.0 (fairly old version) and I could connect to
pub400.com (SSLv3) when I start the emulator with Java 1.8. But when I
import the source code to WDSCi 7.0 and start the emulator from there,
the same errors occur.
So it must be a problem of Java 1.5 and 1.6 in conjunction with the SSL
setup on the IBM i.
Thomas.
Am 18.02.2017 um 11:48 schrieb Jack Kingsley:
Hmm... maybe the handshake on the host side is not working, do you havefor
correct ciphers and protocols setup on host side.
On Fri, Feb 17, 2017 at 3:55 PM, Tools/400 <thomas.raddatz@xxxxxxxxxxx>
wrote:
Jack,
I assume that you mean TLSv1.1 and TLSv1.2, right? I am not an SSL/TLS
expert but people often mix SSL and TLS. Wikipedia
(https://en.wikipedia.org/wiki/Transport_Layer_Security) mentions the
following protocols:
SSLv1.0
SSLv2.0
SSLv3.0
TLSv1.0
TLSv1.1
TLSv1.2
TLSv1.3
For TLSv1.1 and TLSv1.2, I get the "SSLContext not available" error:
24679 [Thread-10] INFO
org.tn5250j.framework.transport.SocketConnector -
Creating SSL [TLSv1.2] Socket
29032 [Thread-10] WARN org.tn5250j.framework.tn5250.tnvt -
connect() TLSv1.2 SSLContext not available
29032 [Thread-10] WARN org.tn5250j.framework.tn5250.tnvt -
I did not get a socket
46208 [Thread-12] INFO
org.tn5250j.framework.transport.SocketConnector -
Creating SSL [TLSv1.1] Socket
49140 [Thread-12] WARN org.tn5250j.framework.tn5250.tnvt -
connect() TLSv1.1 SSLContext not available
49140 [Thread-12] WARN org.tn5250j.framework.tn5250.tnvt -
I did not get a socket
But of course these protocols should also work, if possible.
Thomas.
Am 17.02.2017 um 20:03 schrieb Jack Kingsley:
Tom, I currently do not use this tool, but wouldn't you want it to workfor
SSLV1.2??
On Fri, Feb 17, 2017 at 1:56 PM, Tools/400 <thomas.raddatz@xxxxxxxxxxx
wrote:
Hi,
Today I uploaded iSphere 3.0.0.b009, which enables SSL for the TN5250j
emulator. It works fine for RDi 9.5 and Java 7, but it does not work
theall other IDEs with Java 1.6 and lower.
For example I receive the following errors for WDSC 7.0:
TLSv1.1:
20280 [Thread-9] INFO org.tn5250j.framework.tn5250.tnvt -
new session -> TN5250J
20296 [Thread-10] INFO
org.tn5250j.framework.transport.SocketConnector -
Creating SSL [TLSv1.1] Socket
20296 [Thread-10] WARN org.tn5250j.framework.tn5250.tnvt -
connect() TLSv1.1 SSLContext not available
20296 [Thread-10] WARN org.tn5250j.framework.tn5250.tnvt -
I did not get a socket
TLS:
136532 [Thread-11] INFO org.tn5250j.framework.tn5250.tnvt -
new session -> TN5250J
136532 [Thread-12] INFO
org.tn5250j.framework.transport.SocketConnector -
Creating SSL [TLS] Socket
136594 [Thread-12] WARN org.tn5250j.framework.tn5250.tnvt -
connect() RSA premaster secret error
136594 [Thread-12] INFO org.tn5250j.framework.tn5250.tnvt -
Closing socket
SSLv3:
1025274 [Thread-13] INFO org.tn5250j.framework.tn5250.tnvt -
new session -> TN5250J
1025274 [Thread-14] INFO
org.tn5250j.framework.transport.SocketConnector -
Creating SSL [SSLv3] Socket
1025337 [Thread-14] WARN org.tn5250j.framework.tn5250.tnvt -
connect() Received fatal alert: protocol_version
1025337 [Thread-14] INFO org.tn5250j.framework.tn5250.tnvt -
Closing socket
SSLv2:
1076510 [Thread-15] INFO org.tn5250j.framework.tn5250.tnvt -
new session -> TN5250J
1076510 [Thread-16] INFO
org.tn5250j.framework.transport.SocketConnector -
Creating SSL [SSLv2] Socket
1076510 [Thread-16] WARN org.tn5250j.framework.tn5250.tnvt -
connect() SSLv2 SSLContext not available
1076510 [Thread-16] WARN org.tn5250j.framework.tn5250.tnvt -
I did not get a socket
I already tried installing the "unrestricted policy files" to solve
Studio"RSA premaster secret error" as described here
"http://www-01.ibm.com/support/docview.wss?uid=swg21663373" without
success. Maybe I did something wrong.
Maybe, that somebody of you can help solving the problem. I am stuck.
Regards,
Thomas.
--
This is the Rational Developer for IBM i / Websphere Development
Client for System i & iSeries (WDSCI-L) mailing list
To post a message email: WDSCI-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/wdsci-l
or email: WDSCI-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/wdsci-l.
--
This is the Rational Developer for IBM i / Websphere Development Studio
Client for System i & iSeries (WDSCI-L) mailing list
To post a message email: WDSCI-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/wdsci-l
or email: WDSCI-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/wdsci-l.
--
This is the Rational Developer for IBM i / Websphere Development Studio
Client for System i & iSeries (WDSCI-L) mailing list
To post a message email: WDSCI-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/wdsci-l
or email: WDSCI-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/wdsci-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.