[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: HTTPAPI Version 1.26 Released!

Hi Kim,
It shouldn't be necessary to call https_init() to turn on TLS 1.1 and TLS 1.2, they should be on by default.
Sorry about the HTTP_USERAGENT -- I forgot to update that. Ugh... will do that. 


On 12/22/2014 5:14 PM, Kim Mitchell wrote:

Hi Scott,

I've installed version 1.26 of HTTPAPI, and ran it through a few tests.

As per your instructions, I called https_init() and told it to use TLS versions 1.1 and 1.2 (we've been told we will have to shut off TLS 1.0 soon):

         https_init(APP_ID: *OFF: *OFF: *OFF: *ON: *ON);

I did notice that the constant HTTP_USERAGENT in CONFIG_H is still set to 'http-api/1.24',  but that didn't appear to have an effect on my test.

It works beautifully. Here is a snippet of my debug file:

         HTTPAPI Ver 1.26 released 2014-12-19
         OS/400 Ver V7R1M0

         New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
         https_init(): entered
         QSSLPCL = *TLSV1.2 *TLSV1.1 *TLSV1
         SSL version 2 support disabled
         SSL version 3 support disabled
         Old interface to TLS version 1.0 support disabled
         TLS version 1.0 support disabled
         TLS version 1.1 support enabled
         TLS version 1.2 support enabled

Thank you so much for your help and support. Merry Christmas!

Kim Mitchell
------------------------------

Message: 2
Date: Mon, 22 Dec 2014 15:04:06 +0000
From: Kim Mitchell <kmitchell@xxxxxxxxxxxxxxxxxx>
To: "ftpapi@xxxxxxxxxxxxxxxxxxxxxx" <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: HTTPAPI Version 1.26 Released!
Message-ID:
         <06AD26F8200E9B4F9D460E6F21A5B4759D4784A5@xxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

Wow, that was fast! Scott, thank you so much - I'll get this into testing today and will let you know the results.

You just made my Monday! :)

Kim


On Fri, Dec 19, 2014 at 2:10 AM, Scott Klement <sk@xxxxxxxxxxxxxxxx> wrote:

Everyone,

It's been much too long since I've released a version of HTTPAPI -- so
I decided to go ahead and release one :-)

Version 1.26 contains these updates (over 1.24):

-- Several bug fixes.
-- Disabled Nagle's Algorithm to improve performance
-- When possible, send entire request in a single block to improve
performance
-- Disable support for SSL versions 2 and 3 unless you explicitly
enable them with https_init, due to the fact that these protocols are
no longer secure.
-- Enable support for TLS versions 1.1 and 1.2 if your operating
system supports them.
-- Enable support for Server Name Indication (SNI) in SSL/TLS if your
operating system supports it.

Please report any suggestions/problems to this mailing list.

Thanks!


CONFIDENTIALITY NOTICE: This transmission is intended only for the use of the individual(s) named as recipients. It may contain information that is privileged, confidential and/or protected from disclosure under applicable law. If you are not the intended recipient of this transmission, please notify the sender immediately by telephone. Do not deliver, distribute or copy this transmission, disclose its contents, or take any action in reliance on the information it contains
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------



-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------