Error 100B: 100B Unexpected SSL handshake encountered.An SSL handshake header was encountered on a basic port or the client immediately entered an SSL handshake for a CONNTYPE option value other than SECURE or ANY. Verify that the client and port settings are compatible. A quick google found this:
https://www.ibm.com/support/pages/zos-communications-server-tls-needed-implement-tls-v12 Joe On Mon, Nov 16, 2020 at 6:27 AM Edgington, Jerry < jerry.edging...@westernsouthernlife.com> wrote: > I need some help, please. We have an automated system, using TN3270 > screen scraping. Over the weekend, we IPL'ed, first time in April, 2020 > and now, when this "automated" system/client tries to connect over TN3270, > we are getting this error message: > > M 4100000 aaaa 20320 14:22:03.02 STC09624 00000090 EZZ6034I TN3270 > CONN 0000025C LU **N/A** CONN DROP ERR 100B 864 > E 864 00000090 IP..PORT: > ::FFFF:xx.xx.xx.xx..53084 EZBTTRCV > > The AT/TLS policy has changed since August, 2020. And we only have TLS > v1.2 turned on for only specific inbound IP addresses. We are running z/OS > v2.1, at this point > > Any suggestions, help or ideas, would be great. > > Thanks, > Jerry Edgington > > Here is the AT/TLS policy. I have masked the names for security reasons. > ##------------------------------------------------------------------- > ## Rules for yyy servers using xxxxxx IP over port 923 > ##------------------------------------------------------------------- > TTLSRule yyy-xxxxxx-SSL > { > LocalAddrGroupRef xxxxx-Ip-Addr > RemoteAddrGroupRef yyy-Server-IpAddr > LocalPortRange 923 > RemotePortRangeRef Port-Remote > Direction Inbound > Priority 500 > TTLSGroupActionRef gAct1 > TTLSEnvironmentActionRef eAct1 > TTLSConnectionActionRef cAct-xxxxx > } > > TTLSConnectionAction cAct-xxxxx > { > HandshakeRole Server > TTLSCipherParmsRef cipher1~Default_Ciphers > TTLSConnectionAdvancedParmsRef cAdv-xxxxxx > CtraceClearText Off > Trace 7 > } > > TTLSConnectionAdvancedParms cAdv-xxxx > { > HandshakeTimeout 30 > CertificateLabel ATTLS > SecondaryMap Off > TLSv1.2 On > ApplicationControlled On > } > > TTLSEnvironmentAction eAct1 > { > HandshakeRole Server > EnvironmentUserInstance 0 > TTLSKeyringParmsRef keyR~ZOS112 > } > > > ##------------------------------------------------------------------- > ## IP Address for yyy Servers > ##------------------------------------------------------------------- > IpAddrGroup yyy-Server-IpAddr { > IpAddr > { > Addr xx.xx.xx.xx > } > } > > ##------------------------------------------------------------------- > ## Ports Remote > ##------------------------------------------------------------------- > PortRange Port-Remote > { > Port 1024-65535 > } > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN