bvstone

MAILTOOL and Get URI (GETURI) Updated to allow Non-Strict SSL Communications

For years we have always made sure MAILTOOL and GETURI handle SSL handshakes in a "strict" mode.  This means that during the SSL handshake if there are any errors returned, we capture them and end, reporting the end to the user.  For most compliance issues, this is a must (such as PCI compliance).

Recently we have gone through quite an issue with Microsoft Office 365 cloud-based email servers and have finally decided to add the option (after over 15 years!) to allow you to call MAILTOOL or GETURI without SSL Strict Communications.  With this new feature, if we run into SSL certificate issues (such as SSL_ERROR_NOT_TRUSTED_ROOT) we can temporarily turn off the SSL Strict Communications and bypass the errors while the problem is solved.

MAILTOOL v10.50 and GETURI v7.00 were recently released with the following new features:

  • GETURI - If you set the data area GUSSL01DA (10-char) to the value of *NO, that will turn off GETURI SSL Strict Communications.  All other values, and even if you delete the data area, will result in the default of Strict SSL Communications.  

    CHGDTAARA DTAARA(GETURI/GUSSL01DA *ALL) VALUE(*NO)
     
  • MAILTOOL - If you set the data area MLTSSL01DA (10-char) to the value of *NO, that will turn off MAILTOOL SSL Strict Communications.  All other values, and even if you delete the data area, will result in the default of Strict SSL Communications.  

    CHGDTAARA DTAARA(MAILTOOL/MLTSSL01DA *ALL) VALUE(*NO)
     
  • If you turn on debug with MAILTOOL or GETURI, not only will the SSL Strict settings be echoed in the log file, but the SSL certificate used by the server will also be downloaded and stored in the IFS.  This file can be used to extract the Certificate Authorities (CAs) and import them into Digital Certificate Manager (DCM) so that we can "trust" the specific SSL certificate in use by the server you are communicating with.
  • If you bypass the Strict SSL setting and there are any SSL errors ignored, your job log will display a warning.

Thank you again for all of your support.  And as always, feel free to contact us with any questions, ideas or concerns.


Last edited 11/01/2017 at 14:26:50
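
Because the bypass is meant to be temporary, it helps to check periodically that neither data area has been left at *NO. The CL program below is an added example, not part of the original post and not BVSTools code; it reads the two data areas named above and reports their state. It assumes the libraries GETURI and MAILTOOL shown in the CHGDTAARA commands, and it treats a missing library the same way the post describes a missing data area (strict by default).

```cl
/* Added example, not BVSTools code: report whether the strict-SSL     */
/* bypass data areas described in this post are currently set to *NO.  */
PGM
  DCL VAR(&GUSSL) TYPE(*CHAR) LEN(10)   /* GETURI setting   */
  DCL VAR(&MLSSL) TYPE(*CHAR) LEN(10)   /* MAILTOOL setting */

  /* A deleted data area means the strict default applies, so          */
  /* CPF1015 (data area not found) and CPF1021 (library not found,     */
  /* an assumption of this example) leave the variable blank.          */
  /* Any other error, such as missing authority, is left unmonitored   */
  /* so the check fails loudly instead of reporting "strict".          */
  RTVDTAARA DTAARA(GETURI/GUSSL01DA *ALL) RTNVAR(&GUSSL)
  MONMSG MSGID(CPF1015 CPF1021)

  RTVDTAARA DTAARA(MAILTOOL/MLTSSL01DA *ALL) RTNVAR(&MLSSL)
  MONMSG MSGID(CPF1015 CPF1021)

  /* Only the exact value *NO disables strict mode. */
  IF COND(&GUSSL *EQ '*NO') THEN(DO)
    SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) +
              MSGDTA('GETURI strict SSL is OFF (GUSSL01DA = *NO)') +
              MSGTYPE(*DIAG)
  ENDDO

  IF COND(&MLSSL *EQ '*NO') THEN(DO)
    SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) +
              MSGDTA('MAILTOOL strict SSL is OFF (MLTSSL01DA = *NO)') +
              MSGTYPE(*DIAG)
  ENDDO

  IF COND((&GUSSL *NE '*NO') *AND (&MLSSL *NE '*NO')) THEN(DO)
    SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) +
              MSGDTA('Strict SSL is in effect for GETURI and MAILTOOL') +
              MSGTYPE(*INFO)
  ENDDO
ENDPGM
```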



