[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: v5r4 SHA-256 certificates and TLS 1.0 for HTTPS



   �n,
   Perhaps I am confused, isn't a digital certificate used in encrypted
   communications?
   In this case, a former employer has a process using HTTP API on a v5r4
   box.� They had some difficulty last year when the server they are
   talking to disabled SSL 3.0 and updated it's ssl cert "from SHA1 to
   ��A-256"
   I'm unsure what the resolution was, other than it appears they got the
   vendor to re-issue an SHA1 cert.
   Now however, "SHA1 cert expires next thursday and they can't get it
   resigned."
   They have an extended support contract with IBM.� IBM is telling them
   they "need to load 5-7 PTFs to use SHA2" on v5r4.� I wasn't given any
   PTF#s... I just found the one in my post by searching the PTF cover
   letter DB for SHA2.
   Personally, I thought they'd be SOL being on v5r4...
   Charles
   �
   On Fri, Feb 19, 2016 at 11:08 AM, Ian Patterson
   <[1]ian@xxxxxxxxxxxxxxxxx> wrote:

     Charles, I don't think so.
     Its easy to mix up SHA2 used in communications and SHA2 used in
     digital signatures.
     I think the PTF you are referring to is support for SHA2 algorithms
     in the digital certificates.
     SHA2 used in communications encryption is entirely different. I did
     a lot of work a year or so ago with V5R4 trying to support TLS1.1
     and 1.2 and it doesn't.
     Regards
     Ian Patterson
     -----Original Message-----
     From: [2]ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
     [mailto:[3]ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of
     Charles Wilt
     Sent: 19 February 2016 15:48
     To: HTTPAPI and FTPAPI Projects

   Subject: Re: v5r4 SHA-256 certificates and TLS 1.0 for HTTPS
   Updating an old thread based upon some info I found...
   It appears IBM may have added SHA2 support to v5r4.
   [4]http://www-912.ibm.com/a_dir/as4ptf.nsf/ALLPTFS/MF52000
   Charles
   On Thu, Mar 12, 2015 at 11:42 AM, Ian Patterson
   <[5]ian@xxxxxxxxxxxxxxxxx>
   wrote:
   > Charles.
   >
   > V5R4 supports TLS 1.0
   >
   > However my understanding is that SHA256 (any SHA2) is not supported
   > under TLS 1.0, only 1.1 and 1.2
   >
   > TLS 1.1 and above will not be offered to V5R4. Indeed its only
   > available
   > 7.1 and above.
   >
   > You may find this useful:
   >
   [6]http://ibmsystemsmag.com/Blogs/i-can/Archive/new-system-ssl-support/
   >
   >
   > Regards
   >
   > Ian Patterson
   >
   > Grange IT Limited
   >
   >
   > -----Original Message-----
   > From: [7]ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:
   > [8]ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Charles Wilt
   > Sent: 12 March 2015 12:39
   > To: HTTPAPI and FTPAPI Projects
   > Subject: v5r4 SHA-256 certificates and TLS 1.0 for HTTPS
   >
   > (posting for a former co-worker)
   >
   > When using HTTP API, can v5r4 decode a SHA-265 certificates from the
   > web server?
   >
   > Also, TLS 1.0 is supported at v5r4 right?� It's just TLS 1.1 and 1.2
   > that is not.
   >
   > So if the web server is disabling just SSL 3.0, HTTPAPI should still
   > work with TLS 1.0?
   >
   > Thanks!
   > Charles
   >
   > --
   > I am using the free version of SPAMfighter.
   > SPAMfighter has removed 512 of my spam emails to date.
   > Get the free SPAMfighter here: [9]http://www.spamfighter.com/len
   >
   > Do you have a slow PC? Try a Free scan
   > [10]http://www.spamfighter.com/SLOW-PCfighter?cid=sigen
   >
   >
   ----------------------------------------------------------------------

     > - This is the FTPAPI mailing list.� To unsubscribe, please go to:

   > [11]http://www.scottklement.com/mailman/listinfo/ftpapi
   >
   ----------------------------------------------------------------------
   > -
   >
   -----------------------------------------------------------------------
   This is the FTPAPI mailing list.� To unsubscribe, please go to:
   [12]http://www.scottklement.com/mailman/listinfo/ftpapi
   -----------------------------------------------------------------------

References

   1. mailto:ian@xxxxxxxxxxxxxxxxx
   2. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
   3. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
   4. http://www-912.ibm.com/a_dir/as4ptf.nsf/ALLPTFS/MF52000
   5. mailto:ian@xxxxxxxxxxxxxxxxx
   6. http://ibmsystemsmag.com/Blogs/i-can/Archive/new-system-ssl-support/
   7. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
   8. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
   9. http://www.spamfighter.com/len
  10. http://www.spamfighter.com/SLOW-PCfighter?cid=sigen
  11. http://www.scottklement.com/mailman/listinfo/ftpapi
  12. http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------