Forums >> IBM Power Systems >> (QGPL) IBM i

Jump to:




polarbear101

V6R1 after cumulative PTF SSL not working

Posted:

V6R1 after cumulative PTF SSL not working

Hi *all


After installing cumulative PTF on V6R1 our SSL Client (Mochasoft) is not working anymore.
We don't have a software contract, IBM gives no support, even payed !
Options in STRSST are not working (Security Bulletin CVE-2014-3566).
It is also not possible to access the DCM via port 2001.
SSL-Telnet is up and running according to netstat *cnn.

It seems that SSL V3 is disabled, but a proper error message is not available.
Also downloaded the latest "Java-Client iAccess", same result: NO SSL connection.

Thank you for any help.

 

Regards




Latest Posts:

MAILTOOL Updated to Allow G4GSMAIL as Option in Routers File MAILTOOL Updated to Allow G4GSMAIL as Option in Routers File
Posted by June 28, 2020
BVSTools >> BVSTools Announcements >> eMail Tool (MAILTOOL) Specific Announcements
BVSTools Now Offers Interface with Infor's ION APIs BVSTools Now Offers Interface with Infor's ION APIs
Posted by May 15, 2020
BVSTools >> BVSTools Announcements
More V7R4 IFS File CCSID Issues and The Fix More V7R4 IFS File CCSID Issues and The Fix
Posted by March 4, 2020
IBM Power Systems >> (QGPL) IBM i
Error Retrieving IP Address by Name Error Retrieving IP Address by Name
Posted by February 25, 2020
BVSTools >> BVSTools Software Discussion
Logging jobs that hit an outq Logging jobs that hit an outq
Posted by February 13, 2020
Programming >> CL Programming
GreenTools for Google Apps (G4G) v12.60 Released with Shared Drive Features and More... GreenTools for Google Apps (G4G) v12.60 Released with Shared Drive Features and More...
Posted by February 4, 2020
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements
Allowing Requests over Port 80 For SSL Validation (ie, Namecheap, etc) Allowing Requests over Port 80 For SSL Validation (ie, Namecheap, etc)
Posted by January 31, 2020
Programming >> Web Programming
GreenTools for Slack (G4SLK) v3.00 Released GreenTools for Slack (G4SLK) v3.00 Released
Posted by January 17, 2020
BVSTools >> BVSTools Announcements >> GreenTools for Slack (G4SLK) Specific Announcements
Calling a QSH Command from RPG Calling a QSH Command from RPG
Posted by December 26, 2019
Programming >> RPG Programming
SPLTOOL Print Range (PRTRNG) Function Updated to Handle Spooled Files up to 999,999,999 Pages SPLTOOL Print Range (PRTRNG) Function Updated to Handle Spooled Files up to 999,999,999 Pages
Posted by December 14, 2019
BVSTools >> BVSTools Announcements >> Spooled File Tools (SPLTOOL) Specific Announcements
GreenTools for Microsoft Apps (G4MS) Updated to v6.00 - Now Uses Microsoft Graph APIs GreenTools for Microsoft Apps (G4MS) Updated to v6.00 - Now Uses Microsoft Graph APIs
Posted by November 24, 2019
BVSTools >> BVSTools Announcements >> GreenTools for Microsoft Apps (G4MS) Specific Announcements
V7R4 Changes CCSID of Compressed File Using PASE JAR Command - Here's The Fix V7R4 Changes CCSID of Compressed File Using PASE JAR Command - Here's The Fix
Posted by November 21, 2019
IBM Power Systems >> (QGPL) IBM i
Using GETURI to Make OAuth 2.0 Requests - Custom Headers for Access Tokens Using GETURI to Make OAuth 2.0 Requests - Custom Headers for Access Tokens
Posted by November 11, 2019
BVSTools >> BVSTools Software Discussion >> Get URI (GETURI) Specific Discussion
GreenTools for Microsoft Apps (G4MS) v5.00 Released with Updated OneDrive Support and 3rd Party Functionality GreenTools for Microsoft Apps (G4MS) v5.00 Released with Updated OneDrive Support and 3rd Party Functionality
Posted by October 20, 2019
BVSTools >> BVSTools Announcements >> GreenTools for Microsoft Apps (G4MS) Specific Announcements
BVSTools is Now Running V7R4M0 BVSTools is Now Running V7R4M0
Posted by September 28, 2019
BVSTools >> BVSTools Announcements
bvstone

RE: V6R1 after cumulative PTF SSL not working

Posted:

RE: V6R1 after cumulative PTF SSL not working

Try getting to DCM using this link:

http://youribmiaddress:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0

Replace "youribmiaddress" with the IP address of your IBM i.  Also, make sure the *ADMIN instance is running.

I've seen many systems where the IBM i tasks page just won't come up, but this link works.

As for Mochasoft, do they provide support?  Perhaps it needs an update as well?


Last edited 11/20/2015 at 07:18:00



polarbear101

RE: RE: V6R1 after cumulative PTF SSL not working

Posted:

RE: RE: V6R1 after cumulative PTF SSL not working

Hi , thank you for your answer, sorry for the delay but there was no notification.

Your trick works, the dcm is displayed but it not helps much. Can't see any certificates.

Tried much, but nothing helped yet. 

Mochasoft gave support, but even the latest version not works.

I make my tests now local with the Java-client "IBM i access client solutions", so client and server is from IBM.
The client works fine with the public-server "pub1.de".


Last edited 11/27/2015 at 09:50:46



polarbear101

RE: RE: RE: V6R1 after cumulative PTF SSL not working

Posted:

RE: RE: RE: V6R1 after cumulative PTF SSL not working

T H A N K   Y O U  !!!

After some testing i gained access to to DCM with the link you provided.

Renewed the 512 bytes certificate and put it to all services.
With 1024 bytes certificates the ssl-client didn't work.

After enabling SSLV3 and SSL Renegotiation without RFC 5746 to 'ALL' all works fine as before.
For details check Security Bulletin (CVE-2014-3566). Current link (IBM links often changes) :
http://www-01.ibm.com/support/docview.wss?uid=swg21687173
​http://www-01.ibm.com/support/docview.wss?uid=nas8N1020451

Things i learned:
- won't touch an IBM System i with an outdated release, even when outdated only 2 months !
- won't touch an IBM System i without hardware AND software maintanence !
If something happens, IBM gives you just NO SUPPORT. In the case above costs for a "renewal" of the contract where over $ 7k !

Have a nice weekend

Regards


Last edited 11/28/2015 at 03:22:15




Reply




Copyright 1983-2020 BVSTools
GreenBoard(v3) Powered by the eRPG SDK, MAILTOOL Plus!, GreenTools for Google Apps, jQuery, jQuery UI, BlockUI, CKEditor and running on the IBM i (AKA AS/400, iSeries, System i).