On 1/27/22 3:40 PM, Phil Smith III wrote:
1. Mainframe starts handshake 2. Server ... does its handshake thing 3. Certificates, ciphers, keys exchanged 4. Mainframe says 410 and drops connection
I would expect that steps #2 and / or #3 would have different values for nonces / ephemeral keys between on each end of the connection and that this would be visible if you got deep enough into the TLS debugging.
Admittedly this would probably require cranking client side debugging all the way to eleven to see it.
But once you have visibility of each end using different values, then it's a question of how / why / where is the something in the middle that's using the counterparts.
That would have probably suggested AT-TLS or some other sort of bump-in-the-wire active TLS proxy.
-- Grant. . . . unix || die ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
