http://www-01.ibm.com/support/knowledgecenter/api/content/nl/en-us/SSLTBW_1.13.0/com.ibm.zos.r13.hald001/comtls.htm
AT-TLS return codes z/OS Communications Server: IP Diagnosis Guide GC31-8782-13 402 Connection Init A SSL cipher suite could not be agreed upon between the client and server. Check the following: * If V2Ciphers or V3Ciphers are coded, verify that the remote end supports at least one of the cipher suites coded. If configuring using the IBM Configuration Assistant for z/OS Communications Server, the ciphers are selected for each Security Level. * Verify that the certificate being used for the connection supports the cipher suites. For example, V3 Cipher suite TLS_DH_DSS_WITH_DES_CBC_SHA(0C) requires a certificate defined with a Diffie-Hellman key. * For ciphers defined as exportable, verify that the proper FMIDs to support the encryption level are installed. Mike Wawiorko Please consider the environment before printing this e-mail -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Scott Ford Sent: 13 May 2015 23:20 To: [email protected] Subject: AT-TLS question , issue All, We are running z/OS 1.13 and I have AT-TLS configured with PAGENT and SYSLOGD. We are testing a Java client inbound to a COBOL STC running CICS Sockets (ezasoket). In our testing we are seeing a EZD1287I TTLS Error RC: 402 Initial Handshake. The server is showing a socket-read errno=54 - Econnreset. Does this imply the cipher is wrong ? The Java client is sending a self-signed certificate which we generated. We know it's ok locally in the same physical office with another server. What I am not sure about is what ciphers, if this is the issue are supported on AT-TLS ..can someone be kind enough to help me out. Regards, Scott ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected]<mailto:[email protected]> with the message: INFO IBM-MAIN This e-mail and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this e-mail in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this e-mail or its attachments. Internet communications are not guaranteed to be secure or virus-free. The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this e-mail may be monitored by the Barclays Group for operational or business reasons. Any opinion or other information in this e-mail or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group. Barclays Bank PLC. Registered in England and Wales (registered no. 1026167). Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. Barclays Bank PLC is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority (Financial Services Register No. 122702). ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
