Rick wrote:

> But I'm only guessing. What exactly are the errors you get during these 
> intermittent SSL failure flurries?

So this is application-to-application SSL - no end users involved, so that 
simplifies things somewhat, at least as far as sw levels and algorithms involved.
The error one client application is getting is (yes, this client is CICS):

DFHSO0123 02/24/2016 10:46:21 CICSP6JA Return code 411 received from function 
'gsk_secure_socket_init' of System SSL.
411
Message authentication code is incorrect.
Explanation:
The message authentication code (MAC) for a message is not correct. This 
indicates the message was modified during transmission.

z/OS is right next door on the same switch so it's not likely that it was 
modified during transmission.

IHS has to be recycled to recover sometimes (and sometimes it recovers on its 
own).
The volume is very high so the traces IBM needs have been next to impossible to 
collect.

Sniffers on the ports have revealed nothing unexpected either (like scanning).

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions, send email to 
[email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit http://wiki.linuxvm.org/
