As an aside, when using TLS, you should be using the host name, not the IP address in a client. A browser like FF will validate what you typed against what is in the server certificate and they won't match, so you'll get a warning. That's fine for interactive applications, but not so much for scripts.
And, yeah, I've also been bitten by failing to use the right protocol on the right port. That's one reason that the IETF no longer approves "dual port" configurations such as we have with HTTP v. HTTPS. They now require that protocols include a "START TLS" negotiation mechanism on a single port.

Regards,
Alan

Alan Altmark
Senior Managing z/VM Consultant
IBM Systems Lab Services
1 607 321 7556 Mobile
[email protected]

> -----Original Message-----
> From: CMSTSO Pipelines Discussion List <[email protected]> On Behalf Of Dave Jones
> Sent: Thursday, April 7, 2022 10:56 AM
> To: [email protected]
> Subject: [EXTERNAL] Re: [CMS-PIPELINES] SSL/TLS question with tcpdata
>
> OK, I found the problem, due to Rob's suggestion. If I point Firefox to this
> URL:
>
> INVALID URI REMOVED
>
> it works as designed. I was just using 192.168.128.118:2080 before.
>
> Many thanks.
>
> DJ
>
> ---
> BEST REGARDS
>
> DAVE JONES IBM CHAMPION [1]
> Managing Director for zSystems Support, zLinux, and Cloud
> ++1 281.578.7544 (Cell)
> Web: www.itconline.com [2]
> 18502 Purdy Ct. Houston, TX 77084 USA
>
> On 04.07.2022 7:14 AM, Rob van der Heij wrote:
>
> > On Thu, 7 Apr 2022 at 16:02, Dave Jones <[email protected]> wrote:
> >
> >> FPLTCQ1015E ERRNO 10410: 10410
> >> FPLMSG004I ... Issued from stage 3 of pipeline 3 name "WEENYWEB.REXX:7"
> >> FPLMSG001I ... Running "tcpdata TLSLABEL SMBSSI"
> >>
> >> Turns out that the SSL error number 410 means "SSL message format is
> >> incorrect.".
> >>
> >> How can I troubleshoot this so I can get weenyweb to work? Any ideas
> >> on what's wrong here?
> >
> > No idea :-) I suspect the browser isn't trying an SSL connection. I
> > trust you made it listen to port 443 before you got here... Since the
> > magic is all happening outside your virtual machine, you'd have to
> > enable the trace in the SSL server. There's nothing in CMS Pipelines to see.
> >
> > An easier trick that might help is to remove the TLSLABEL option and
> > capture the data coming out of TCPDATA. I've done that before to find
> > that the browser was stubborn and "fixed" URL that I provided. It's
> > possible that the browser doesn't like the certificate or ciphers that
> > you offer, and decides to try something else. The 'developer options'
> > in the browser may also show some info. Alternatively, set up a TCP/IP
> > proxy with CMS Pipelines and prepare to get complaints about the
> > person-in-the-middle attack.
> >
> > Sir Rob the Plumber
>
> Links:
> ------
> [1] INVALID URI REMOVED
> [2] INVALID URI REMOVED
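
The capture trick suggested in the quoted thread (drop TLSLABEL and look at what the client really sends), as an added example that is not part of the original messages: Python that classifies the first bytes of a captured connection as cleartext HTTP or a TLS ClientHello and flags a mismatch with the listener. The function names and sample bytes are constructed for illustration.

```python
import struct

# Request-line prefixes that mark a cleartext HTTP request.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_first_bytes(data: bytes) -> str:
    """Name the protocol a client opened with, from the first bytes it sent."""
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"
    if len(data) < 6:
        return "too-short"
    # TLS record header: content type (1), version (2), length (2).
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    if content_type == 0x16 and major == 0x03 and minor <= 0x04 and 0 < length <= 2**14:
        # First handshake byte 0x01 is a ClientHello.
        return "tls-client-hello" if data[5] == 0x01 else "tls-handshake-other"
    return "unknown"


def diagnose(data: bytes, listener_uses_tls: bool) -> str:
    """Compare what the client sent with what the listener is configured for."""
    kind = classify_first_bytes(data)
    if kind == "plaintext-http":
        if listener_uses_tls:
            return "mismatch: cleartext HTTP sent to a TLS listener"
        return "ok: cleartext HTTP"
    if kind.startswith("tls-"):
        if listener_uses_tls:
            return "ok: TLS handshake"
        return "mismatch: TLS handshake sent to a cleartext listener"
    return "inconclusive: " + kind


# Constructed samples (not captured from the system in the thread).
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.test:2080\r\n\r\n"
# TLS record header followed by the start of a ClientHello handshake message.
SAMPLE_TLS = bytes.fromhex("16030100c8010000c40303")

if __name__ == "__main__":
    for name, sample in (("http", SAMPLE_HTTP), ("tls", SAMPLE_TLS)):
        for tls in (True, False):
            print(f"{name:4} listener_tls={tls!s:5} -> {diagnose(sample, tls)}")
```

A listener that expects TLS but receives the `GET` line has nothing it can parse as a TLS record, which is the situation a message-format error points to.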
