[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLS1.2 Use



Jeff,

LOL, I think you just told me to take my clothes off! I assume you want me to "bear" with you (not "bare" with you).. haha

To run TLS 1.2, you'll need IBM i 7.1 or higher. You also need to have the appropriate PTFs, system values, etc. You say that you've done this already. You'll also need a current version of HTTPAPI. There is no advantage to running an old version... and if yours is from 2009 its definitely too old!

To answer your questions:

1) The version of HTTPAPI can be found by opening the QRPGLESRC,HTTPAPI_H source member and searching for HTTPAPI_VERSION

2) The download/install of HTTPAPI will give you the latest version, which contains all of the updates made in all previous versions. (There is no advantage to running an old version of HTTPAPI.)

3) Yes, you can restore a previous version of HTTPAPI simply by restoring the library it was installed into from backup. That library is LIBHTTP by default. (But it may be put into any library.)

4) HTTPAPI itself should be recompiled (since it is distributed as source code). However your programs that call it do NOT need to be recompiled. HTTPAPI will automatically attempt to use TLS 1.2 if possible, falling back to 1.1 or 1.0 if not.

5) The only reason I can think to recompile would be if you require SSLv3, because that protocol is insecure and disabled by default in recent versions of HTTPAPI. I do not recommend using this, but if you absolutely need it, you could enable it by adding a call to https_init() into your RPG code, which of course would require you to recompile it.

-SK


On 6/7/2016 12:47 PM, Turriff, Jeffrey wrote:
    Please bare with me, I am an old RPG developer who can barely spell
    HTTP. We have an iseries that interfaces with the web. We are trying to
    communicate using TLS1.2, but only achieve TLS1.0. Various resources,
    including IBM, have confirmed that the iseries is configured correctly
    to utilize TLS1.2. This includes OS, PTF's, system values, and DCM. We
    are suspecting the reason is because we have an older version of
    HTTPAPI. Looks like it was originally installed in 2009. I saw emails
    that started that 1.26 or higher was need to negotiate TLS1.2.  How can
    I determine the version we are using. Does the install process contain
    all changes in LIBHTTP? If we need to revert back to the original
    process, can I simple just restore the old LIBHTTP library? Do
    application need to be recompiled once version 1.32 is installedin
    order to utilize TLS1.2?

    Your help is appreciated.

    Thanks

    Jeff Turriff
    Alta Resources
    eBusiness Support and Operations
    751.5800 Ext.8934


-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------