Sorry ... my email client cut off the ATTLS parms and I didn't see them.

Joe

On Mon, Nov 16, 2020 at 7:06 AM Joe Monk <[email protected]> wrote:

> Error 100B:
>
> 100B Unexpected SSL handshake encountered. An SSL handshake header was
> encountered on a basic port or the client immediately entered an SSL
> handshake for a CONNTYPE option value other than SECURE or ANY. Verify that
> the client and port settings are compatible.
>
> A quick google found this:
>
> https://www.ibm.com/support/pages/zos-communications-server-tls-needed-implement-tls-v12
>
> Joe
>
> On Mon, Nov 16, 2020 at 6:27 AM Edgington, Jerry <
> [email protected]> wrote:
>
>> I need some help, please. We have an automated system, using TN3270
>> screen scraping. Over the weekend, we IPL'ed, first time in April, 2020
>> and now, when this "automated" system/client tries to connect over TN3270,
>> we are getting this error message:
>>
>> M 4100000 aaaa 20320 14:22:03.02 STC09624 00000090 EZZ6034I TN3270
>> CONN 0000025C LU **N/A** CONN DROP ERR 100B 864
>> E 864 00000090 IP..PORT:
>> ::FFFF:xx.xx.xx.xx..53084 EZBTTRCV
>>
>> The AT/TLS policy has changed since August, 2020. And we only have TLS
>> v1.2 turned on for only specific inbound IP addresses. We are running z/OS
>> v2.1, at this point
>>
>> Any suggestions, help or ideas, would be great.
>>
>> Thanks,
>> Jerry Edgington
>>
>> Here is the AT/TLS policy. I have masked the names for security reasons.
>>
>> ##-------------------------------------------------------------------
>> ## Rules for yyy servers using xxxxxx IP over port 923
>> ##-------------------------------------------------------------------
>> TTLSRule yyy-xxxxxx-SSL
>> {
>>   LocalAddrGroupRef              xxxxx-Ip-Addr
>>   RemoteAddrGroupRef             yyy-Server-IpAddr
>>   LocalPortRange                 923
>>   RemotePortRangeRef             Port-Remote
>>   Direction                      Inbound
>>   Priority                       500
>>   TTLSGroupActionRef             gAct1
>>   TTLSEnvironmentActionRef       eAct1
>>   TTLSConnectionActionRef        cAct-xxxxx
>> }
>>
>> TTLSConnectionAction cAct-xxxxx
>> {
>>   HandshakeRole                  Server
>>   TTLSCipherParmsRef             cipher1~Default_Ciphers
>>   TTLSConnectionAdvancedParmsRef cAdv-xxxxxx
>>   CtraceClearText                Off
>>   Trace                          7
>> }
>>
>> TTLSConnectionAdvancedParms cAdv-xxxx
>> {
>>   HandshakeTimeout               30
>>   CertificateLabel               ATTLS
>>   SecondaryMap                   Off
>>   TLSv1.2                        On
>>   ApplicationControlled          On
>> }
>>
>> TTLSEnvironmentAction eAct1
>> {
>>   HandshakeRole                  Server
>>   EnvironmentUserInstance        0
>>   TTLSKeyringParmsRef            keyR~ZOS112
>> }
>>
>>
>> ##-------------------------------------------------------------------
>> ## IP Address for yyy Servers
>> ##-------------------------------------------------------------------
>> IpAddrGroup yyy-Server-IpAddr {
>>   IpAddr
>>   {
>>     Addr xx.xx.xx.xx
>>   }
>> }
>>
>> ##-------------------------------------------------------------------
>> ## Ports Remote
>> ##-------------------------------------------------------------------
>> PortRange Port-Remote
>> {
>>   Port 1024-65535
>> }
>>
>> ----------------------------------------------------------------------
>> For IBM-MAIN subscribe / signoff / archive access instructions,
>> send email to [email protected] with the message: INFO IBM-MAIN
>>
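
An added example, not code from anyone in this thread or from IBM: a small offline check that every `...Ref` parameter in an AT-TLS policy file names a statement that is actually defined, which is worth running after a policy edit and before the next IPL. In the masked excerpt above the connection action references `cAdv-xxxxxx` while the statement is named `cAdv-xxxx`; that may only be a result of the masking, but it is the kind of mismatch this catches. The function name, the sample (shortened from the quoted policy) and the rule that `<Type>Ref` points at a `<Type>` statement, apart from the four mapped keywords, are assumptions of this example.

```python
# Assumption: "<Type>Ref" points at a "<Type>" statement, except the
# address/port group references mapped here.
REF_TARGET = {
    "LocalAddrGroupRef": "IpAddrGroup", "RemoteAddrGroupRef": "IpAddrGroup",
    "LocalPortRangeRef": "PortRange", "RemotePortRangeRef": "PortRange",
}

# Sample input, shortened from the masked policy quoted in the message above.
SAMPLE = """
TTLSRule yyy-xxxxxx-SSL
{
  RemoteAddrGroupRef             yyy-Server-IpAddr
  LocalPortRange                 923
  TTLSConnectionActionRef        cAct-xxxxx
}
TTLSConnectionAction cAct-xxxxx
{
  HandshakeRole                  Server
  TTLSConnectionAdvancedParmsRef cAdv-xxxxxx
}
TTLSConnectionAdvancedParms cAdv-xxxx
{
  TLSv1.2                        On
}
IpAddrGroup yyy-Server-IpAddr {
  IpAddr
  {
    Addr xx.xx.xx.xx
  }
}
"""

def unresolved_refs(policy):
    """Return sorted (statement type, name) pairs referenced but never defined."""
    defined, refs, depth = set(), [], 0
    for raw in policy.splitlines():
        line = raw.split("#", 1)[0]          # drop comments
        words = line.replace("{", " ").replace("}", " ").split()
        if len(words) == 2 and depth == 0:   # top-level "Type name" statement
            defined.add(tuple(words))
        elif len(words) == 2 and words[0].endswith("Ref"):
            refs.append((REF_TARGET.get(words[0], words[0][:-3]), words[1]))
        depth += line.count("{") - line.count("}")  # track brace nesting
    return sorted(set(refs) - defined)

if __name__ == "__main__":
    for kind, name in unresolved_refs(SAMPLE):
        print(f"unresolved: {kind} {name}")
```

Run against a full policy file, references to statements kept in other included files will also be reported, so feed it the concatenated policy.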
