Rob, Sorry for the late reply. The mismatch of ciphers was ADCD, this version of z/OS appears to give the customer a subset of ciphers. I am in the process of contacting IBM to find out more information. We have it working on the supplied ciphers. My concern of course is what the customer is using.
Regards, Scott www.idmworks.com On Thursday, May 14, 2015, Rob Schramm <[email protected]> wrote: > Diagnosis Guide with a direct hit > > > http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hald001/atprble.htm > > q0 - did you copy one of the GUI samples for the AT-TLS setup or build it > from scratch? > > q1 - what ciphers did you select in Config Assistant or z/OSMF when you > setup the connection? > > q2 - what ciphers are supported on the client side? sslv3/tlsv10/tlsv11 etc > etc > > Rob Schramm > > > > > Rob Schramm > Senior Systems Consultant > > > On Thu, May 14, 2015 at 8:11 AM, Donald J. <[email protected] > <javascript:;>> wrote: > > > Correction: This is the server supported cipher list > > Set GSK_V3_CIPHER_SPECS_EXPANDED(214) - > > C02FC030009E009F009C009D002F0035000A > > > > Client ciphers are in the client hello. 2nd packet in ATTLS trace below: > > (002F 0035 0005 etc) > > RECV CIPHER 160301005F > > RECV CIPHER > > > 0100005B030155548ECF35553E488B83C575E3ED52CAA2E0C8DBB37AA97EEAC35115EAC90CB800001 > > 0002F00350005000A00320038 ... > > > > -- > > Donald J. > > [email protected] <javascript:;> > > > > On Thu, May 14, 2015, at 04:56 AM, Donald J. wrote: > > > If you use trace level: "Trace 127 " you will get debugging info > > > on ciphers and other things. > > > Cipher list presented by client: > > > CONNID: 0000DA17 RC: 0 Set GSK_V3_CIPHER_SPECS_EXPANDED(214) - > > C02FC030009E009F009C009D002F0035000A > > > Cipher chosen by server: > > > CONNID: 0000DA17 RC: 0 Get GSK_CONNECT_SEC_TYPE(208) - TLSV1 > > > CONNID: 0000DA17 RC: 0 Get GSK_CONNECT_CIPHER_SPEC(207) - 002F > > > > > > -- > > > Donald J. > > > [email protected] <javascript:;> > > > > > > On Wed, May 13, 2015, at 03:20 PM, Scott Ford wrote: > > > > All, > > > > We are running z/OS 1.13 and I have AT-TLS configured with PAGENT and > > > > SYSLOGD. We are testing a Java client inbound to a COBOL STC running > > CICS > > > > Sockets (ezasoket). In our testing we are seeing a EZD1287I TTLS > Error > > RC: > > > > 402 Initial Handshake. The server is showing a socket-read > errno=54 - > > > > Econnreset. Does this imply the cipher is wrong ? > > > > The Java client is sending a self-signed certificate which we > > generated. We > > > > know it's ok locally in the same physical office with another server. > > What > > > > I am not sure about is what ciphers, if this is the issue are > > supported on > > > > AT-TLS ..can someone be kind enough to help me out. > > > > > > > > Regards, > > > > Scott > > > > > > > > > ---------------------------------------------------------------------- > > > > For IBM-MAIN subscribe / signoff / archive access instructions, > > > > send email to [email protected] <javascript:;> with the > message: INFO IBM-MAIN > > > > > > -- > > > http://www.fastmail.com - The way an email service should be > > > > > > ---------------------------------------------------------------------- > > > For IBM-MAIN subscribe / signoff / archive access instructions, > > > send email to [email protected] <javascript:;> with the > message: INFO IBM-MAIN > > > > -- > > http://www.fastmail.com - A no graphics, no pop-ups email service > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] <javascript:;> with the message: > INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] <javascript:;> with the message: > INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
