We ran into that situation and ended up specifying SSLV3 in the Telnetparms for port 992 (Then we converted to PAGENT and TLS) TelnetParms
Secureport 992 ; Port number 992 (Secure) sslv3 sslv3 ; Allow SSLv3 connections On Wed, Feb 24, 2016 at 3:35 PM, Dazzo, Matt < [email protected]> wrote: > After applying RSU maintenance to our zos1.13 sandbox system I have run > into a problem (that I expected from reading the hold data) with TN3270 and > SSL. SSLv2 & 3 are now defaulted to off. All our tn3270 sessions are > configured to use ssl, I tested with TLS and they work fine. I'd like to > enable ssl3 until we can get all the tn3270 users changed over to tls on my > terms. > * The PTF disabled SSL by default, but they can be enabled > explicitly. > > According to the apar info it is possible to override the new default (ssl > off) in 2 ways, one with environment variable and the other (not the > preferred method) with RACF profiles. Any help in getting this resolved is > appreciated. Matt > > So far I have tried adding the below to /etc/profile > export GSK_PROTOCOL_SSLV3_ON > export GSK_PROTOCOL_SSLV2_ON > > And add the below to my telnet profile, I still cannot connect using ssl. > > ENCRYPT > SSL_RC4_SHA > SSL_RC4_MD5 > SSL_AES_256_SHA > SSL_AES_128_SHA > SSL_3DES_SHA > SSL_DES_SHA > SSL_RC4_MD5_EX > SSL_RC2_MD5_EX > SSL_NULL_SHA > SSL_NULL_MD5 > SSL_NULL_Null > ENDENCRYPT > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- "I am as you, in you, for you. One as you in all, as all, forever. My call is your call." ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
