Scott
I downloaded version 1.26 onto our V6R1 machine and our V7R1 machines
I changed EXAMPLE9 and ran it.
Here are the logs on V7R1
https_init(' ': *OFF: *OFF: *OFF: *ON: *ON);
HTTPAPI Ver 1.26 released
2014-12-19
OS/400 Ver
V7R1M0
************Beginning of data**************
HTTPAPI Ver 1.26 released 2014-12-19
OS/400 Ver V7R1M0
New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
https_init(): entered
QSSLPCL = *OPSYS
SSL version 2 support disabled
SSL version 3 support disabled
Old interface to TLS version 1.0 support disabled
TLS version 1.0 support disabled
TLS version 1.1 support enabled
TLS version 1.2 support enabled
(GSKit) Operation is not supported by SSL.
ssl_error(412): (GSKit) Operation is not supported by SSL.
SetError() #24: gsk_env_init: (GSKit) Operation is not supported by
SSL.
************End of Data********************
https_init(' ': *ON: *ON: *ON: *ON: *ON);
************Beginning of data**************
HTTPAPI Ver 1.26 released
2014-12-19
OS/400 Ver
V7R1M0
https_init():
entered
QSSLPCL =
*OPSYS
SSL version 2 support enabled
SSL version 3 support
enabled
Old interface to TLS version 1.0 support
enabled
TLS version 1.0 support enabled
TLS version 1.1 support
enabled
TLS version 1.2 support
enabled
-----------------------------------------------------------------------
--------------
Dump of local-side certificate
information:
-----------------------------------------------------------------------
--------------
************End of Data********************
Here are the logs on our V6R1 machine.
I will check with IBM to see if we have the correct PTFs on this
machine for TLS support.
https_init(' ': *OFF: *OFF: *OFF: *ON: *ON);
************Beginning of
data**************
HTTPAPI Ver 1.26 released
2014-12-19
OS/400 Ver
V6R1M0
New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819.
ProtLoc=0
https_init():
entered
QSSLPCL = *OPSYS
SSL version 2 support
disabled
SSL version 3 support
disabled
Old interface to TLS version 1.0 support
disabled
Support for TLS 1.0
unavailable.
Support for TLS 1.1
unavailable.
Support for TLS 1.2
unavailable.
(GSKit) Operation is not supported by
SSL.
ssl_error(412): (GSKit) Operation is not supported by
SSL.
SetError() #24: gsk_env_init: (GSKit) Operation is not supported by
SSL.
************End of Data********************
https_init(' ': *ON: *ON: *ON: *ON: *ON);
************Beginning of
data**************
HTTPAPI Ver 1.26 released 2014-12-19
OS/400 Ver
V6R1M0
https_init(): entered
QSSLPCL =
*OPSYS
SSL version 2 support
enabled
SSL version 3 support
enabled
Old interface to TLS version 1.0 support
enabled
Support for TLS 1.0
unavailable.
Support for TLS 1.1
unavailable.
Support for TLS 1.2
unavailable.
-----------------------------------------------------------------------
--------------
Dump of local-side certificate
information:
-----------------------------------------------------------------------
--------------
************End of
Data********************
-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott
Klement
Sent: Monday, December 22, 2014 8:31 PM
To: HTTPAPI and FTPAPI Projects
Subject: Re: HTTPAPI Version 1.26 Released!
Hi Kim,
It shouldn't be necessary to call https_init() to turn on TLS 1.1 and
TLS 1.2, they should be on by default.
Sorry about the HTTP_USERAGENT -- I forgot to update that. Ugh... will
do that.
On 12/22/2014 5:14 PM, Kim Mitchell wrote:
> Hi Scott,
>
> I've installed version 1.26 of HTTPAPI, and ran it through a few
tests.
>
> As per your instructions, I called https_init() and told it to use
TLS versions 1.1 and 1.2 (we've been told we will have to shut off TLS
1.0 soon):
>
> https_init(APP_ID: *OFF: *OFF: *OFF: *ON: *ON);
>
> I did notice that the constant HTTP_USERAGENT in CONFIG_H is still
set to 'http-api/1.24', but that didn't appear to have an effect on my
test.
>
> It works beautifully. Here is a snippet of my debug file:
>
> HTTPAPI Ver 1.26 released 2014-12-19
> OS/400 Ver V7R1M0
>
> New iconv() objects set, PostRem=819. PostLoc=0.
ProtRem=819. ProtLoc=0
> https_init(): entered
> QSSLPCL = *TLSV1.2 *TLSV1.1 *TLSV1
> SSL version 2 support disabled
> SSL version 3 support disabled
> Old interface to TLS version 1.0 support disabled
> TLS version 1.0 support disabled
> TLS version 1.1 support enabled
> TLS version 1.2 support enabled
>
> Thank you so much for your help and support. Merry Christmas!
>
> Kim Mitchell
> ------------------------------
>
> Message: 2
> Date: Mon, 22 Dec 2014 15:04:06 +0000
> From: Kim Mitchell <[1]kmitchell@xxxxxxxxxxxxxxxxxx>
> To: "[2]ftpapi@xxxxxxxxxxxxxxxxxxxxxx"
<[3]ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: HTTPAPI Version 1.26 Released!
> Message-ID:
>
<[4]06AD26F8200E9B4F9D460E6F21A5B4759D4784A5@xxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="us-ascii"
>
> Wow, that was fast! Scott, thank you so much - I'll get this into
testing today and will let you know the results.
>
> You just made my Monday! :)
>
> Kim
>
>
> On Fri, Dec 19, 2014 at 2:10 AM, Scott Klement
<[5]sk@xxxxxxxxxxxxxxxx> wrote:
>> Everyone,
>>
>> It's been much too long since I've released a version of HTTPAPI --
so
>> I decided to go ahead and release one :-)
>>
>> Version 1.26 contains these updates (over 1.24):
>>
>> -- Several bug fixes.
>> -- Disabled Nagle's Algorithm to improve performance
>> -- When possible, send entire request in a single block to improve
>> performance
>> -- Disable support for SSL versions 2 and 3 unless you explicitly
>> enable them with https_init, due to the fact that these protocols
are
>> no longer secure.
>> -- Enable support for TLS versions 1.1 and 1.2 if your operating
>> system supports them.
>> -- Enable support for Server Name Indication (SNI) in SSL/TLS if
your
>> operating system supports it.
>>
>> Please report any suggestions/problems to this mailing list.
>>
>> Thanks!
>
> CONFIDENTIALITY NOTICE: This transmission is intended only for the
use of the individual(s) named as recipients. It may contain
information that is privileged, confidential and/or protected from
disclosure under applicable law. If you are not the intended recipient
of this transmission, please notify the sender immediately by
telephone. Do not deliver, distribute or copy this transmission,
disclose its contents, or take any action in reliance on the
information it contains
>
-----------------------------------------------------------------------
> This is the FTPAPI mailing list. To unsubscribe, please go to:
> [6]http://www.scottklement.com/mailman/listinfo/ftpapi
>
-----------------------------------------------------------------------
>
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
[7]http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
References
1. mailto:kmitchell@xxxxxxxxxxxxxxxxxx
2. mailto:ftpapi@xxxxxxxxxxxxxxxxxxxxxx
3. mailto:ftpapi@xxxxxxxxxxxxxxxxxxxxxx
4. mailto:06AD26F8200E9B4F9D460E6F21A5B4759D4784A5@xxxxxxxxxxxxxxxxxxx
5. mailto:sk@xxxxxxxxxxxxxxxx
6. http://www.scottklement.com/mailman/listinfo/ftpapi
7. http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------