Thanks Alan and Jeff. I think it's becoming clear to me that IHS must be the culprit here. It's talking to everything fine until something makes it stop doing that and screwing up the handshake. What that trigger is we don't know. We did find one occurrence that overlapped with vulnerability port scanning, but they've suspended that for now. The sniffer traces show no other unsuspected IP addresses coming in (so they say). I'll circle back with our WAS guy and makes sure this gets in the PMR.
I still want to know what those errors are though! :) Anyone? Marcy -----Original Message----- From: Linux on 390 Port [mailto:[email protected]] On Behalf Of Alan Altmark Sent: Thursday, September 01, 2016 7:40 PM To: [email protected] Subject: Re: [LINUX-390] Crypto error meanings? On Friday, 09/02/2016 at 02:27 GMT, Marcy Cortes <[email protected]> wrote: > When the problem starts, all clients get ill. > Maybe 5 or 10 minutes every week or two? > No consistency whatsoever. > And by the time the troops are gathered, too late for tcpdumps. I think the external sniffers will have to collect several hours worth of rolling data, and when the app detects an error, stop the data collection. You should give you plenty of time to stop data collection without losing any data and without trying to hold two weeks' worth of packet traces. I was pleased to hear from Jeff that Wireshark could use a copy of the server certificate to decode the data stream. One of these days I'll have to test that out! Alan Altmark Senior Managing z/VM and Linux Consultant Lab Services System z Delivery Practice IBM Systems & Technology Group ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 [email protected] IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
