[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TLS1.2 Use
Jeff,
LOL, I think you just told me to take my clothes off! I assume you want
me to "bear" with you (not "bare" with you).. haha
To run TLS 1.2, you'll need IBM i 7.1 or higher. You also need to have
the appropriate PTFs, system values, etc. You say that you've done this
already. You'll also need a current version of HTTPAPI. There is no
advantage to running an old version... and if yours is from 2009 its
definitely too old!
To answer your questions:
1) The version of HTTPAPI can be found by opening the
QRPGLESRC,HTTPAPI_H source member and searching for HTTPAPI_VERSION
2) The download/install of HTTPAPI will give you the latest version,
which contains all of the updates made in all previous versions. (There
is no advantage to running an old version of HTTPAPI.)
3) Yes, you can restore a previous version of HTTPAPI simply by
restoring the library it was installed into from backup. That library
is LIBHTTP by default. (But it may be put into any library.)
4) HTTPAPI itself should be recompiled (since it is distributed as
source code). However your programs that call it do NOT need to be
recompiled. HTTPAPI will automatically attempt to use TLS 1.2 if
possible, falling back to 1.1 or 1.0 if not.
5) The only reason I can think to recompile would be if you require
SSLv3, because that protocol is insecure and disabled by default in
recent versions of HTTPAPI. I do not recommend using this, but if you
absolutely need it, you could enable it by adding a call to https_init()
into your RPG code, which of course would require you to recompile it.
-SK
On 6/7/2016 12:47 PM, Turriff, Jeffrey wrote:
Please bare with me, I am an old RPG developer who can barely spell
HTTP. We have an iseries that interfaces with the web. We are trying to
communicate using TLS1.2, but only achieve TLS1.0. Various resources,
including IBM, have confirmed that the iseries is configured correctly
to utilize TLS1.2. This includes OS, PTF's, system values, and DCM. We
are suspecting the reason is because we have an older version of
HTTPAPI. Looks like it was originally installed in 2009. I saw emails
that started that 1.26 or higher was need to negotiate TLS1.2. How can
I determine the version we are using. Does the install process contain
all changes in LIBHTTP? If we need to revert back to the original
process, can I simple just restore the old LIBHTTP library? Do
application need to be recompiled once version 1.32 is installedin
order to utilize TLS1.2?
Your help is appreciated.
Thanks
Jeff Turriff
Alta Resources
eBusiness Support and Operations
751.5800 Ext.8934
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------