Plus, I remember there's some environment variables that must be set for things like this. At least that's what I've seen in LDAPS, for example. GSK_SSL_something type variables to tune, turn off, or allow only specific SSL/TLS versions, or ciphers.
- KB ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Thursday, December 23rd, 2021 at 10:52 PM, Matthew Stitt <[email protected]> wrote: > Are you sure the SSL options are turned off, leaving only the TLSV12 option > on? > > Matthew > > On Thu, 23 Dec 2021 10:01:26 -0700, Lizette Koehler [email protected] > wrote: > > > We have done the Packet trace. It was not conclusive. > > > > Only showed that TLS V1.2 is being used. However - some were thinking that > > was not true since the connection (according to them) was behaving like > > SSLV3 what ever that means. > > > > Lizette > > > > -----Original Message----- > > > > From: IBM Mainframe Discussion List [email protected] On Behalf Of > > Don Poitras > > > > Sent: Thursday, December 23, 2021 8:06 AM > > > > To: [email protected] > > > > Subject: Re: Help with switching an IP:PORT to TLS V1.2 > > > > You could also just do a packet trace. Send the output to Wireshark. It can > > format all the TLS hand-shaking traffic. The question I'd have, given the > > original description is whether AT-TLS is being used at all. Perhaps the > > program is using OpenSSL or GSK? > > > > https://www.ibm.com/support/pages/how-capture-and-format-ssl-component-trace > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
