After installing cumulative PTF on V6R1 our SSL Client (Mochasoft) is not working anymore.
We don't have a software contract, IBM gives no support, even payed !
Options in STRSST are not working (Security Bulletin CVE-2014-3566).
It is also not possible to access the DCM via port 2001.
SSL-Telnet is up and running according to netstat *cnn.
It seems that SSL V3 is disabled, but a proper error message is not available.
Also downloaded the latest "Java-Client iAccess", same result: NO SSL connection.
Thank you for any help.
Try getting to DCM using this link:
Replace "youribmiaddress" with the IP address of your IBM i. Also, make sure the *ADMIN instance is running.
I've seen many systems where the IBM i tasks page just won't come up, but this link works.
As for Mochasoft, do they provide support? Perhaps it needs an update as well?
Hi , thank you for your answer, sorry for the delay but there was no notification.
Your trick works, the dcm is displayed but it not helps much. Can't see any certificates.
Tried much, but nothing helped yet.
Mochasoft gave support, but even the latest version not works.
I make my tests now local with the Java-client "IBM i access client solutions", so client and server is from IBM.
The client works fine with the public-server "pub1.de".
T H A N K Y O U !!!
After some testing i gained access to to DCM with the link you provided.
Renewed the 512 bytes certificate and put it to all services.
With 1024 bytes certificates the ssl-client didn't work.
After enabling SSLV3 and SSL Renegotiation without RFC 5746 to 'ALL' all works fine as before.
For details check Security Bulletin (CVE-2014-3566). Current link (IBM links often changes) :
Things i learned:
- won't touch an IBM System i with an outdated release, even when outdated only 2 months !
- won't touch an IBM System i without hardware AND software maintanence !
If something happens, IBM gives you just NO SUPPORT. In the case above costs for a "renewal" of the contract where over $ 7k !
Have a nice weekend