Diagnosis Guide with a direct hit http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hald001/atprble.htm
q0 - did you copy one of the GUI samples for the AT-TLS setup or build it from scratch? q1 - what ciphers did you select in Config Assistant or z/OSMF when you setup the connection? q2 - what ciphers are supported on the client side? sslv3/tlsv10/tlsv11 etc etc Rob Schramm Rob Schramm Senior Systems Consultant On Thu, May 14, 2015 at 8:11 AM, Donald J. <[email protected]> wrote: > Correction: This is the server supported cipher list > Set GSK_V3_CIPHER_SPECS_EXPANDED(214) - > C02FC030009E009F009C009D002F0035000A > > Client ciphers are in the client hello. 2nd packet in ATTLS trace below: > (002F 0035 0005 etc) > RECV CIPHER 160301005F > RECV CIPHER > 0100005B030155548ECF35553E488B83C575E3ED52CAA2E0C8DBB37AA97EEAC35115EAC90CB800001 > 0002F00350005000A00320038 ... > > -- > Donald J. > [email protected] > > On Thu, May 14, 2015, at 04:56 AM, Donald J. wrote: > > If you use trace level: "Trace 127 " you will get debugging info > > on ciphers and other things. > > Cipher list presented by client: > > CONNID: 0000DA17 RC: 0 Set GSK_V3_CIPHER_SPECS_EXPANDED(214) - > C02FC030009E009F009C009D002F0035000A > > Cipher chosen by server: > > CONNID: 0000DA17 RC: 0 Get GSK_CONNECT_SEC_TYPE(208) - TLSV1 > > CONNID: 0000DA17 RC: 0 Get GSK_CONNECT_CIPHER_SPEC(207) - 002F > > > > -- > > Donald J. > > [email protected] > > > > On Wed, May 13, 2015, at 03:20 PM, Scott Ford wrote: > > > All, > > > We are running z/OS 1.13 and I have AT-TLS configured with PAGENT and > > > SYSLOGD. We are testing a Java client inbound to a COBOL STC running > CICS > > > Sockets (ezasoket). In our testing we are seeing a EZD1287I TTLS Error > RC: > > > 402 Initial Handshake. The server is showing a socket-read errno=54 - > > > Econnreset. Does this imply the cipher is wrong ? > > > The Java client is sending a self-signed certificate which we > generated. We > > > know it's ok locally in the same physical office with another server. > What > > > I am not sure about is what ciphers, if this is the issue are > supported on > > > AT-TLS ..can someone be kind enough to help me out. > > > > > > Regards, > > > Scott > > > > > > ---------------------------------------------------------------------- > > > For IBM-MAIN subscribe / signoff / archive access instructions, > > > send email to [email protected] with the message: INFO IBM-MAIN > > > > -- > > http://www.fastmail.com - The way an email service should be > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > -- > http://www.fastmail.com - A no graphics, no pop-ups email service > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
