I need some help, please.  We have an automated system, using TN3270 screen 
scraping.  Over the weekend, we IPL'ed, first time in April, 2020 and now, when 
this "automated" system/client tries to connect over TN3270, we are getting 
this error message:

M 4100000 aaaa     20320 14:22:03.02 STC09624 00000090  EZZ6034I TN3270 CONN 0000025C LU **N/A**  CONN DROP  ERR 100B 864
E                                         864 00000090    IP..PORT: ::FFFF:xx.xx.xx.xx..53084                     EZBTTRCV

The AT/TLS policy has changed since August, 2020.  And we only have TLS v1.2 
turned on for only specific inbound IP addresses.  We are running z/OS v2.1, at 
this point.

Any suggestions, help or ideas, would be great.

Thanks,
Jerry Edgington

Here is the AT/TLS policy. I have masked the names for security reasons.
##-------------------------------------------------------------------
## Rules for yyy servers using xxxxxx IP over port 923
##-------------------------------------------------------------------
TTLSRule                          yyy-xxxxxx-SSL
{
  LocalAddrGroupRef                     xxxxx-Ip-Addr
  RemoteAddrGroupRef               yyy-Server-IpAddr
  LocalPortRange                             923
  RemotePortRangeRef                 Port-Remote
  Direction                                         Inbound
  Priority                                            500
  TTLSGroupActionRef                   gAct1
  TTLSEnvironmentActionRef        eAct1
  TTLSConnectionActionRef         cAct-xxxxx
}

TTLSConnectionAction              cAct-xxxxx
{
  HandshakeRole                             Server
  TTLSCipherParmsRef                   cipher1~Default_Ciphers
  TTLSConnectionAdvancedParmsRef  cAdv-xxxxxx
  CtraceClearText                             Off
  Trace                                                7
}

TTLSConnectionAdvancedParms       cAdv-xxxx
{
  HandshakeTimeout                     30
  CertificateLabel                             ATTLS
  SecondaryMap                              Off
  TLSv1.2                                            On
  ApplicationControlled                  On
}

TTLSEnvironmentAction             eAct1
{
  HandshakeRole                             Server
  EnvironmentUserInstance         0
  TTLSKeyringParmsRef                 keyR~ZOS112
}


##-------------------------------------------------------------------
## IP Address for yyy Servers
##-------------------------------------------------------------------
IpAddrGroup       yyy-Server-IpAddr                      {
  IpAddr
  {
     Addr xx.xx.xx.xx
  }
}

##-------------------------------------------------------------------
## Ports Remote
##-------------------------------------------------------------------
PortRange                         Port-Remote
{
  Port                            1024-65535
}
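
An added example, not part of the original post: a small Python check that every xxxRef in a policy excerpt like the one above names a statement that is actually defined in the same text. It assumes a Ref keyword points at the statement type obtained by dropping "Ref", with the address-group and port-range keywords mapped to IpAddrGroup and PortRange; the sample is a trimmed copy of the masked policy, so names it reports may simply be defined elsewhere in the full file or differ only because of the masking.

```python
# Constructed sample: trimmed copy of the masked policy posted above.
SAMPLE_POLICY = """\
TTLSRule                          yyy-xxxxxx-SSL
{
  LocalAddrGroupRef               xxxxx-Ip-Addr
  RemoteAddrGroupRef              yyy-Server-IpAddr
  TTLSGroupActionRef              gAct1
  TTLSEnvironmentActionRef        eAct1
  TTLSConnectionActionRef         cAct-xxxxx
}
TTLSConnectionAction              cAct-xxxxx
{
  TTLSCipherParmsRef              cipher1~Default_Ciphers
  TTLSConnectionAdvancedParmsRef  cAdv-xxxxxx
}
TTLSConnectionAdvancedParms       cAdv-xxxx
{
  TLSv1.2                         On
}
TTLSEnvironmentAction             eAct1
{
  TTLSKeyringParmsRef             keyR~ZOS112
}
IpAddrGroup       yyy-Server-IpAddr                      {
  IpAddr
  {
     Addr xx.xx.xx.xx
  }
}
"""

# Assumption: Ref keywords whose target type is not the keyword minus "Ref".
ALIASES = {"LocalAddrGroup": "IpAddrGroup", "RemoteAddrGroup": "IpAddrGroup",
           "LocalPortRange": "PortRange", "RemotePortRange": "PortRange"}

def unresolved_refs(policy):
    """Return sorted (statement_type, name) pairs referenced but not defined."""
    defined, referenced, depth = set(), set(), 0
    for raw in policy.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        tokens = line.replace("{", " ").replace("}", " ").split()
        if depth == 0 and len(tokens) == 2:          # top-level "Type name"
            defined.add((tokens[0], tokens[1]))
        elif len(tokens) == 2 and tokens[0].endswith("Ref"):
            kind = tokens[0][:-3]
            referenced.add((ALIASES.get(kind, kind), tokens[1]))
        depth += line.count("{") - line.count("}")   # track block nesting
    return sorted(referenced - defined)
```
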
