I suspect the change may have occurred at my end due to recent install of IBM
maintenance. Now, I'm wondering if the TLS handshake is failing at the IBM
end due to the fact that this PTF removed deprecated ciphers... I have my TCPIP
guys at our end reviewing.

TYPE    REASON ID  FMID     SYSMOD   ++HOLD DATA
------  ---------  -------  -------  ------------------------------------
SYSTEM  ACTION     HCPT420  UA93632  ++ HOLD(UA93632) SYS FMID(HCPT420)
                                     REASON(ACTION) DATE(17265)
                                     COMMENT
(****************************************************************
* FUNCTION AFFECTED: z/OS SYSTEM SSL (OA51519)                  *
****************************************************************
* DESCRIPTION : ACTION                                          *
****************************************************************
* TIMING : PRE-APPLY AND POST-APPLY                             *
****************************************************************
In this PTF, z/OS System SSL is changing the default SSL/TLS
cipher support.

The cipher defines the authentication, encryption, message
authentication code (MAC) and key exchange algorithm used when
negotiating a secure connection using SSL or TLS. When a System
SSL application calls the gsk_environment_open() routine to
establish a secure environment or calls the deprecated SSL/TLS
routine gsk_secure_soc_init() setting cipher_specs and/or
v3cipher_specs to NULL, the default enabled ciphers will no
longer include the following DES and Triple DES ciphers.

SSL V3/TLS ciphers
09/0009: TLS_RSA_WITH_DES_CBC_SHA
0A/000A: TLS_RSA_WITH_3DES_EDE_CBC_SHA
12/0012: TLS_DHE_DSS_WITH_DES_CBC_SHA
13/0013: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
15/0015: TLS_DHE_RSA_WITH_DES_CBC_SHA
16/0016: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
_________________________________________________________________
Dave Jousma
Manager Mainframe Engineering, Assistant Vice President
[email protected]
1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H
p 616.653.8429
f 616.653.2717
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of Richards, Robert B.
Sent: Tuesday, October 10, 2017 9:00 AM
To: [email protected]
Subject: Re: RECEIVE ORDER failing
**CAUTION EXTERNAL EMAIL**
**DO NOT open attachments or click on links from unknown senders or unexpected
emails**
Yup!
220-dhebpcb01 secure FTP server
220 ready.
EZA1701I >>> AUTH TLS
234 TLSv1
EZA2895I Authentication negotiation succeeded
EZA1701I >>> PBSZ 0
200 PBSZ=0
EZA1701I >>> PROT P
200 Command PROT okay.
EZA2906I Data connection protection is private
EZA1459I NAME (deliverycb-bld.dhe.ibm.com:ABCDEFG): <--- not real Userid :-)
Then IBM generated user and password, followed by CCC (command channel
cleared), the GET statement, TYPE I, EPSV, and finally opening a BINARY mode
connection.
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of Jousma, David
Sent: Tuesday, October 10, 2017 8:52 AM
To: [email protected]
Subject: Re: RECEIVE ORDER failing
Well, that's not the answer I was expecting!!! It's the secured (FTP with TLS
and HTTPS) that are failing for me. I assume that's one of the methods you are
using?
_________________________________________________________________
Dave Jousma
Manager Mainframe Engineering, Assistant Vice President [email protected]
1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of Richards, Robert B.
Sent: Tuesday, October 10, 2017 8:18 AM
To: [email protected]
Subject: Re: RECEIVE ORDER failing
I succeeded within a minute of your email timestamp with a RFN to the same IP
address (ending in 117 and using port 21)
bob
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of Jousma, David
Sent: Tuesday, October 10, 2017 8:02 AM
To: [email protected]
Subject: RECEIVE ORDER failing
All,
Looks like SMPE RECEIVE ORDER is failing this morning. I've tried HTTPS
download too.
200 Type set to I.
EZA1460I Command:
EZA1701I >>> PASV
227 Entering Passive Mode (170,225,15,117,254,55)
EZA1701I >>> RETR /2017101027988/PROD/GIMPAF.XML
150 Opening BINARY mode data connection for /2017101027988/PROD/GIMPAF.XML.
EZA2870I TLS security mechanism negotiation failed - data connection closed
425 Can't open data connection.
EZA1735I Std Return Code = 16425, Error Code = 00017
EZA1701I >>> QUIT
221 Goodbye.
_________________________________________________________________
Dave Jousma
Manager Mainframe Engineering, Assistant Vice President [email protected]
1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717
This e-mail transmission contains information that is confidential and may be
privileged.
It is intended only for the addressee(s) named above. If you receive this
e-mail in error, please do not read, copy or disseminate it in any manner. If
you are not the intended recipient, any disclosure, copying, distribution or
use of the contents of this information is prohibited. Please reply to the
message immediately by informing the sender that the message was misdirected.
After replying, please erase it from your computer system. Your assistance in
correcting this error is appreciated.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
[email protected] with the message: INFO IBM-MAIN
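
Added example (not part of the original thread and not IBM code): a small triage helper, the hypothetical `triage`, that reads a z/OS FTP client transcript like the two quoted above and reports whether the control-connection negotiation succeeded, whether the data-connection negotiation failed, and which address and port the PASV reply named. The two sample transcripts are constructed from lines in this thread.

```python
import re

# Constructed samples, assembled from the client messages quoted in this thread.
FAILING = """\
200 Type set to I.
EZA1701I >>> PASV
227 Entering Passive Mode (170,225,15,117,254,55) EZA1701I >>> RETR /2017101027988/PROD/GIMPAF.XML
150 Opening BINARY mode data connection for /2017101027988/PROD/GIMPAF.XML.
EZA2870I TLS security mechanism negotiation failed - data connection closed
425 Can't open data connection.
"""
WORKING = """\
EZA1701I >>> AUTH TLS
234 TLSv1
EZA2895I Authentication negotiation succeeded
EZA1701I >>> PROT P
200 Command PROT okay.
EZA2906I Data connection protection is private
"""

PASV = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def triage(transcript):
    """Report which FTP channel's TLS step succeeded or failed (hypothetical helper)."""
    # Mail wrapping can fuse a server reply and the next EZA message on one line.
    text = re.sub(r"\s+(?=EZA\d{4}[A-Z] )", "\n", transcript)
    out = {"control_tls": "not seen", "data_tls": "not seen",
           "data_endpoint": None, "last_command": None}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("EZA1701I >>> "):      # command sent by the client
            out["last_command"] = line.split(">>> ", 1)[1].split()[0]
        elif line.startswith("EZA2895I"):         # control-connection negotiation succeeded
            out["control_tls"] = "ok"
        elif line.startswith("EZA2906I"):         # PROT P accepted: data channel must use TLS
            out["data_tls"] = "requested"
        elif line.startswith("EZA2870I"):         # negotiation failed on the data connection
            out["data_tls"] = "failed"
        elif (m := PASV.match(line)):             # 227 reply: (h1,h2,h3,h4,p1,p2)
            h1, h2, h3, h4, p1, p2 = map(int, m.groups())
            out["data_endpoint"] = (f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)
    return out

if __name__ == "__main__":
    for name, log in (("failing", FAILING), ("working", WORKING)):
        print(name, triage(log))
```

The decoded data endpoint is the address and port to filter on when taking a packet trace of the failing handshake.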