CROSS POSTED - IBM-MAIN, IBMTCP...
We're at z/OS 2.1 trying to move to TLSV1.1 and or TLSV1.2 for our
TN3270E connections. Currently we are
SSLV3 and TLSV1. On our TEST systems I have TLSV1 in my PAGENT rules as
well as TLSV1.1 and TLSV1.2 with
sslv2/sslv3 off. Our client does not have a TLS option. So we have to
code sslv2/sslv3 and then TLSV1 happens.
But when I turn off TLSV1 in hopes of using TLSv1.1 and/or TLSV1.2 I
receive a 412 error code.
Upon reading I find this -
412 Connection Init A common SSL protocol type cannot be agreed upon
by both partners. This disagreement occurs if both partners do not
support the same SSL protocol, as when the client supports only SSLv2
and the server supports only TLSv1. AT-TLS supports only SSLv2, SSLv3,
and TLSv1
Am I reading and understanding this correctly in that I can not move to
TLSV1.1 or 1.2 using AT-TLS?
If so I'm cornfused as why then would PAGENT have the ability to select
TLSV1.1 or 1.2?
--
Brian W. France
Systems Administrator (Mainframe)
Pennsylvania State University
Administrative Information Services - Infrastructure/SYSARC
Rm 25 Shields Bldg., University Park, Pa. 16802
814-863-4739
[email protected]
"To make an apple pie from scratch, you must first invent the universe."
Carl Sagan
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
