Re: SHA-256 certificates and TLS 1.0 for HTTPS

[Scott Klement <sk@xxxxxxxxxxxxxxxx>]

HTTPAPI uses the operating system's support for SSL/TLS.  So your 
question is really whether IBM supports SSL/TLS with SHA-256 on v5r4.

My understanding is that IBM does not support this at V5R4.  (It works 
on 7.1 with PTFs, or with 7.2 -- these I know, since I've tested them.)




On 7/16/2015 9:57 AM, Robert Romano wrote:
>     Hello,
>
>
>     I was hoping to re-open the discussion on "v5r4 SHA-256 certificates
>     and TLS 1.0 for HTTPS" from earlier this year. I have a similar issue
>     where I am stuck on V5R4 of the operating system (long story) and until
>     recently was able to use HTTPAPI with a partner using a SHA 1
>     certificate. They have moved to a SHA2 cert and I now receive an error
>     message "SSL Handshake: (GSKit) Certificate was rejected by the
>     application supplied exit".
>
>
>     I see the assertion from a March 12, 2015 post that SHA2 requires
>     TLS1.1 or TLS1.2 which are not available for V5R4, but I also see many
>     references on IBM's web site that say the V5R4 does support SHA-256. I
>     created a new *SYSTEM cert in the certificate store with a size of 256
>     and made it the default but get the same error. Is supporting SHA2
>     possible on V5R4 and, if so, does anyone have any advice on what I need
>     to do?
>
>
>     Thanks for any help.
>
>
>     Bob
>
>
>
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> -----------------------------------------------------------------------

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------