
Re: [Ftpapi] Problem: (GSKit) No compatible cipher suite available between SSL end points.



Just so you know, the newer SSL certificates use ciphers that are not and will not ever be available on V7R1 and lower.  So you may be stuck with updating your OS to V7R2 or higher.

Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #9: Superior debugging (when using MAILTOOL Plus) - Bypassing the IBM SMTP server means that we can fully debug and track down sometimes hard to find problems. Even the Trace TCP/IP Application (TRCTCPAPP) command won't be this detailed!

On Tue, Oct 3, 2017 at 8:23 PM, James H. H. Lampert <jamesl@xxxxxxxxxxxxxxxxx> wrote:
I wrote:
I mean, I know that I need to get HTTPAPI and Tomcat speaking the
same language, but where do I begin?

Christopher Schultz (Tomcat List) wrote:
First, I would check to see what Tomcat is actually advertising.
There are several ways to do that. One of them is to use Qualys's
SSLLabs server test:

https://www.ssllabs.com/ssltest/

Thanks, Mr. Schultz. That gives me a start.

Ok, here's what I got back.
Protocols
TLS 1.3   No
TLS 1.2   Yes
TLS 1.1   Yes
TLS 1.0   Yes
SSL 3     No
SSL 2     No

Cipher Suites
# TLS 1.2 (server has no preference)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   256
# TLS 1.1 (server has no preference)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   256
# TLS 1.0 (server has no preference)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   256

I may have known how to determine what HTTPAPI supports, but if so, I've forgotten. Ditto for adding protocols to Tomcat.

As to the client end, it's using HTTPAPI 1.24, running on an AS/400 that's at V6R1.


--
JHHL
--
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi

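
Added example, not part of the original thread and not HTTPAPI, GSKit or Tomcat code: a small Python check that parses the SSL Labs output quoted above and intersects it with a client's cipher list, which is the comparison behind a "no compatible cipher suite" error. The client profile (CLIENT_PROTOCOLS, CLIENT_SUITES) is a constructed assumption for illustration, not the documented V6R1 list.

```python
import re

# Scan text copied from the message above (SSL Labs report for the Tomcat server).
SCAN = """\
# TLS 1.2 (server has no preference)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   256
# TLS 1.1 (server has no preference)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   256
# TLS 1.0 (server has no preference)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   256
"""

# Constructed client profile: an ASSUMPTION for illustration only, not the
# documented GSKit/V6R1 cipher list. Substitute what your client really offers.
CLIENT_PROTOCOLS = {"TLS 1.0"}
CLIENT_SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
                 0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

PROTO_RE = re.compile(r"^# ((?:TLS|SSL) [\d.]+)")
SUITE_RE = re.compile(r"^(TLS_\w+) \(0x([0-9a-fA-F]+)\)")

def parse_scan(text):
    """Return {protocol: {code_point: suite_name}} from SSL Labs style text."""
    offered, current = {}, None
    for line in text.splitlines():
        if m := PROTO_RE.match(line):
            current = m.group(1)
            offered[current] = {}
        elif (m := SUITE_RE.match(line)) and current:
            offered[current][int(m.group(2), 16)] = m.group(1)
    return offered

def negotiate(offered, client_protocols, client_suites):
    """For each protocol both sides speak, list the suites they share."""
    return {p: sorted(s[c] for c in s.keys() & client_suites.keys())
            for p, s in offered.items() if p in client_protocols}

def key_exchanges(offered):
    """Key-exchange/authentication families the server offers, e.g. ECDHE_RSA."""
    return {n.split("_WITH_")[0][4:] for s in offered.values() for n in s.values()}

if __name__ == "__main__":
    offered = parse_scan(SCAN)
    print("server key exchange:", key_exchanges(offered))
    print("shared suites:", negotiate(offered, CLIENT_PROTOCOLS, CLIENT_SUITES))
```

An empty list for a protocol means the two ends agree on a protocol version but share no suite, so the handshake fails at cipher selection.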