In a previous reply I mentioned that I recalled that there were some diagnostic
enhancements for AT-TLS in z/os 2.5. They are described in the z/os 2 .5
education articles on GitHub :
https://github.com/IBM/IBM-Z-zOS/blob/main/zOS-Education/zOS-V2.5-Education/IEAV2R5%20Communications%20Server.p
In a previous reply I mentioned that I recalled that there were some diagnostic
enhancements for AT-TLS in z/os 2.5. They are described in the z/os 2 .5
education articles on GitHub :
https://github.com/IBM/IBM-Z-zOS/blob/main/zOS-Education/zOS-V2.5-Education/IEAV2R5%20Communications%20Server.p
SMF 119 ZERT records have a significant amount of potentially relevant
information, assuming they are turned on, and you are able to format them.
On Wed, 14 Dec 2022 at 19:58, Crusty Old Guy
wrote:
> Yes, AT-TLS is involved. This is an HTTPS call from Chrome to a port in a
> CICS region. The r
Yes, AT-TLS is involved. This is an HTTPS call from Chrome to a port in a CICS
region. The region is running Adaptigents Fabric (formerly Ivory).
I've turned on the trace in ATTLS. I've also turned trace on for SYSLOGD and
see that GSK_PROTOCOL_SSLV2, GSK_PROTOCOL_SSLV3 & GSK_PROTOCOL_TLSV1_2
Sorry Phil, the trace I used, gsktrace was suggested by IBM support to
resolve and issue we had with db2 connections from internal and
external sources .
Carmen
On 12/12/2022 12:36 PM, Phil Smith III wrote:
Carmen Vitullo wrote:
gsktrace -
Darn. Was hoping for something else to use! Co
Carmen Vitullo wrote:
>gsktrace -
Darn. Was hoping for something else to use! Component trace looks tricky.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the me
gsktrace -
Carmen
On 12/12/2022 12:20 PM, Phil Smith III wrote:
Carmen Vitullo wrote:
I have had great results, clear to understand even for me, using an SSL
TRACE
I have documented the process I used if needed
Is that gsktrace or the component trace?
Carmen Vitullo wrote:
>I have had great results, clear to understand even for me, using an SSL
TRACE
>I have documented the process I used if needed
Is that gsktrace or the component trace?
--
For IBM-MAIN subscribe / sig
I have had great results, clear to understand even for me, using an SSL
TRACE
I have documented the process I used if needed
Carmen
On 12/12/2022 12:10 PM, Phil Smith III wrote:
A gsktrace is pretty easy to get and format. If it's an LE application, then
in your LE options you can put:
ENVAR(
A gsktrace is pretty easy to get and format. If it's an LE application, then
in your LE options you can put:
ENVAR(GSK_TRACE=0X,GSK_TRACE_FILE=/u/fred/myssltrace.file)
Otherwise I assume just setting those environment variables should work.
Then after you run the thing (and it fails) yo
COG,
Can you get a wireshark trace from the client end? (If so I can help you
look at the output)
What are you using on z/OS? AT-TLS, CICS, Liberty etc?
Colin
On Sun, 11 Dec 2022 at 12:12, Keith Gooding <
034af3894af4-dmarc-requ...@listserv.ua.edu> wrote:
> TCPIP invokes z/os System SSL so
TCPIP invokes z/os System SSL so if there is any documentation provided by IBM
it will be in System SSL documentation but I could not find the record formats.
System SSL provides the gsk trace command and it is possible that this will
format the records for you. You will find the definitive expl
To establish SSL/TLS communication between two systems the systems
negotiate to determine the most secure cipher and protocol that is
supported and allowed on both systems. If that negotiation fails, it is
usually because the SSL/TLS support on one of the systems is seriously
down level from t
https://www.ibm.com/docs/en/zos/2.4.0?topic=messages-ezd1285i
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Crusty Old Guy
Sent: Friday, December 9, 2022 8:47 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Interpreting SEND/RECV
Can you tell us a bit more about the environment? So far you're mostly
saying "Something didn't work."
Is there any AT-TLS involved?
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists
Not 100% sure, but I believe that is the data being sent to the remote side
encrypted. If I'm right then depending when it is being sent, could be a
userid, password, command, or if on the data connection data from the file
being transferred.
---
16 matches
Mail list logo
