1.  Home
  2. MIDRANGE-L
  3. October 2015

RE: Looking for TLS 1.0 connections

Mike,

I use TRCINT *SCKSSL.
See doc
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020594
Java related jobs excluded.

TRCINT SET(*ON) TRCTBL('SSL-1700x') SIZE(512 *MB) TRCFULL(*STOPTRC) TRCTYPE(*SCKSSL) SLTTRCPNT((17000 17009)).
TRCINT SET(*OFF) TRCTBL('SSL-1700X') OUTPUT(*PRINT)

I've enhanced the output by creating a PF and loading it from the output of the trace.

SSLVER CIPHER LIP RIP DNSNAM
TLSV1.2 TLS_RSA_WITH_AES_256_CBC_SHA2 10.X.XX.X 10.X.XXX.XX1 psirockatst01.pencor.com
TLSV1.0 TLS_RSA_WITH_AES_128_CBC_SHA 10.X.X.XXX 10.X.XX.XX psisystems02.pencor.com


SSLDAT SSLDAT A 8 1
SSLTIM SSLTIM A 15 9
SSLVER SSLVER A 10 24
CIPHER CIPHER A 30 34
LPORT LPORT A 5 64
LIP LIP A 30 69
RPORT RPORT A 5 99
RIP RIP A 30 104
JOBNAM JOBNAM A 10 134
JOBUSR JOBUSR A 10 144
JOBNUM JOBNUM A 6 154

I could send you the source if interested offline.

CPYSPLF FILE(QPCSMPRT) TOFILE(QGPL/SSLLOG) SPLNBR(*LAST) MBROPT(*REPLACE) CTLCHAR(*PRTCTL).
CLRPFM FILE(QGPL/SSLPF01)
CALL PGM(SSLLOG)
RUNQRY QRY(SSLLOG2)
RUNQRY QRY(SSLLOG3)

Paul

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Mike Cunningham
Sent: Wednesday, October 21, 2015 4:40 PM
To: Midrange Systems Technical Discussion
Subject: Looking for TLS 1.0 connections

We are in the planning stages of turning off TLS 1.0 support for FTP and TELNET on our V7.1 system. We did the research on how to turn it off and that part looks straightforward. We already have the old SSL support turned off. What we are concerned about is what client access clients might be running on older PCs (still running XP or Vista) that are currently connecting using TLS 1.0 because they don't support TLS 1.1 or 1.2. I was looking for a way to try and find out if we have that problem to worry about and if we do, how big of a problem it is. I looked into the Telnet exit point data and it can tell me if the connection is secure or non-secure but it does not appear to have what protocol a secure connection is using. (we have unsecure telnet and ftp turned off completely so I know all current connections are at least TLS 1.0). Is anyone aware of any way to find out the exact level of TLS a telnet or ftp session is running under?

Mike Cunningham
Pennsylvania College of Technology


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.