Dave, I *DO NOT* have UA93632 applied. Received, yes, applied, no.
Please post the outcome of your investigation. Inquiring minds want to avoid the same issue! :-) Bob -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Jousma, David Sent: Tuesday, October 10, 2017 9:40 AM To: [email protected] Subject: Re: RECEIVE ORDER failing I suspect the change may have occurred at my end due to recent install of IBM maintenance. Now, I'm wondering if the TLS handshake is failing at the IBM end due to the fact that this PTF removed depreciated ciphers...I have my TCPIP guys at our end reviewing. TYPE REASON ID FMID SYSMOD ++HOLD DATA ------ --------- ------- ------- ------------------------------------------------------------------------ SYSTEM ACTION HCPT420 UA93632 ++ HOLD(UA93632) SYS FMID(HCPT420) REASON(ACTION) DATE(17265) COMMENT (**************************************************************** * FUNCTION AFFECTED: z/OS SYSTEM SSL (OA51519) * **************************************************************** * DESCRIPTION : ACTION * **************************************************************** * TIMING : PRE-APPLY AND POST-APPLY * **************************************************************** In this PTF, z/OS System SSL is changing the default SSL/TLS cipher support. The cipher defines the authentication, encryption, message authentication code (MAC) and key exchange algorithm used when negotiating a secure connection using SSL or TLS. When a System SSL application calls the gsk_environment_open() routine to establish a secure environment or calls the deprecated SSL/TLS routine gsk_secure_soc_init() setting cipher_specs and/or v3cipher_specs to NULL, the default enabled ciphers will no longer include the following DES and Triple DES ciphers. SSL V3/TLS ciphers 09/0009: TLS_RSA_WITH_DES_CBC_SHA 0A/000A: TLS_RSA_WITH_3DES_EDE_CBC_SHA 12/0012: TLS_DHE_DSS_WITH_DES_CBC_SHA 13/0013: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 15/0015: TLS_DHE_RSA_WITH_DES_CBC_SHA 16/0016: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA _________________________________________________________________ Dave Jousma Manager Mainframe Engineering, Assistant Vice President [email protected] 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Richards, Robert B. Sent: Tuesday, October 10, 2017 9:00 AM To: [email protected] Subject: Re: RECEIVE ORDER failing **CAUTION EXTERNAL EMAIL** **DO NOT open attachments or click on links from unknown senders or unexpected emails** Yup! 220-dhebpcb01 secure FTP server 220 ready. EZA1701I >>> AUTH TLS 234 TLSv1 EZA2895I Authentication negotiation succeeded EZA1701I >>> PBSZ 0 200 PBSZ=0 EZA1701I >>> PROT P 200 Command PROT okay. EZA2906I Data connection protection is private EZA1459I NAME (deliverycb-bld.dhe.ibm.com:ABCDEFG): <--- not real Userid :-) Then IBM generated user and password, followed by CCC (command channel cleared), the GET statement, TYPE I, EPSV, and finally opening a BINARY mode connection. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Jousma, David Sent: Tuesday, October 10, 2017 8:52 AM To: [email protected] Subject: Re: RECEIVE ORDER failing Well, that's not the answer I was expecting!!! It's the secured (FTP with TLS and HTTPS) that are failing for me. I assume that's one of the methods you are using? _________________________________________________________________ Dave Jousma Manager Mainframe Engineering, Assistant Vice President [email protected] 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Richards, Robert B. Sent: Tuesday, October 10, 2017 8:18 AM To: [email protected] Subject: Re: RECEIVE ORDER failing **CAUTION EXTERNAL EMAIL** **DO NOT open attachments or click on links from unknown senders or unexpected emails** I succeeded within a minute of your email timestamp with a RFN to the same IP address (ending in 117 and using port 21) bob -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Jousma, David Sent: Tuesday, October 10, 2017 8:02 AM To: [email protected] Subject: RECEIVE ORDER failing All, Looks like SMPE RECEIVE ORDER is failing this morning. I've tried HTTPS download too. 200 Type set to I. EZA1460I Command: EZA1701I >>> PASV 227 Entering Passive Mode (170,225,15,117,254,55) EZA1701I >>> RETR /2017101027988/PROD/GIMPAF.XML 150 Opening BINARY mode data connection for /2017101027988/PROD/GIMPAF.XML. EZA2870I TLS security mechanism negotiation failed - data connection closed 425 Can't open data connection. EZA1735I Std Return Code = 16425, Error Code = 00017 EZA1701I >>> QUIT 221 Goodbye. _________________________________________________________________ Dave Jousma Manager Mainframe Engineering, Assistant Vice President [email protected] 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN **CAUTION EXTERNAL EMAIL** **DO NOT open attachments or click on links from unknown senders or unexpected emails** This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN **CAUTION EXTERNAL EMAIL** **DO NOT open attachments or click on links from unknown senders or unexpected emails** This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
