
RE: TLS1.2 Use



Scott,
Lol right back at you. Was wishing you were female because it would make it a little easier for me to communicate here. Anyway, thanks for your response. It is very helpful. Strange thing about our situation was that one partition was using TLS1.2 and another was not. After the third IBM Rep, it was discovered that there is a service tools setting that was preventing us from using TLS1.2. It had TLS1.0 as the default. Nonetheless, I appreciate your response very much. I started to suspect it was at an application level. I just learned about you and your software about a month ago. You are a very impressive person. I wish I had half of your talents.

Thanks again Scott. 

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott Klement
Sent: Tuesday, June 07, 2016 8:21 PM
To: HTTPAPI and FTPAPI Projects
Subject: Re: TLS1.2 Use

Jeff,

LOL, I think you just told me to take my clothes off!  I assume you want me to "bear" with you (not "bare" with you).. haha

To run TLS 1.2, you'll need IBM i 7.1 or higher.  You also need to have the appropriate PTFs, system values, etc.  You say that you've done this already. You'll also need a current version of HTTPAPI.  There is no advantage to running an old version...  and if yours is from 2009 it's definitely too old!

To answer your questions:

1) The version of HTTPAPI can be found by opening the QRPGLESRC,HTTPAPI_H source member and searching for HTTPAPI_VERSION

2) The download/install of HTTPAPI will give you the latest version, which contains all of the updates made in all previous versions.  (There is no advantage to running an old version of HTTPAPI.)

3) Yes, you can restore a previous version of HTTPAPI simply by restoring the library it was installed into from backup.  That library is LIBHTTP by default.  (But it may be put into any library.)

4) HTTPAPI itself should be recompiled (since it is distributed as source code).  However your programs that call it do NOT need to be recompiled.  HTTPAPI will automatically attempt to use TLS 1.2 if possible, falling back to 1.1 or 1.0 if not.

5) The only reason I can think to recompile would be if you require SSLv3, because that protocol is insecure and disabled by default in recent versions of HTTPAPI.  I do not recommend using this, but if you absolutely need it, you could enable it by adding a call to https_init() into your RPG code, which of course would require you to recompile it.

-SK


On 6/7/2016 12:47 PM, Turriff, Jeffrey wrote:
>     Please bare with me, I am an old RPG developer who can barely spell
>     HTTP. We have an iseries that interfaces with the web. We are trying to
>     communicate using TLS1.2, but only achieve TLS1.0. Various resources,
>     including IBM, have confirmed that the iseries is configured correctly
>     to utilize TLS1.2. This includes OS, PTF's, system values, and DCM. We
>     are suspecting the reason is because we have an older version of
>     HTTPAPI. Looks like it was originally installed in 2009. I saw emails
>     that stated that 1.26 or higher was needed to negotiate TLS1.2.  How can
>     I determine the version we are using? Does the install process contain
>     all changes in LIBHTTP? If we need to revert back to the original
>     process, can I simply just restore the old LIBHTTP library? Do
>     applications need to be recompiled once version 1.32 is installed in
>     order to utilize TLS1.2?
>
>     Your help is appreciated.
>
>     Thanks
>
>     Jeff Turriff
>     Alta Resources
>     eBusiness Support and Operations
>     751.5800 Ext.8934
>

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------