bvstone

V7R1 SSL Cipher Support - Another Interesting Journey, and Why I Want My AS/400 Back

Posted:

V7R1 SSL Cipher Support - Another Interesting Journey, and Why I Want My AS/400 Back

In my daily job of supporting thousands of customers all over the world with the software that I have available, I ran into an interesting issue with two customers in a row on the same day, and I'm sure more to follow.  

Each of them were using my GETURI software to communicate with servers over HTTPS.  But suddenly they started receiving the following error:

Error during SSL Handshake.  RC(-1) errno(0). There is no error.

Now, this error, if we look up the return code (which is -1), means SSL_ERROR_NO_CIPHERS.  Translated literally it means "Your system does not support the SSL ciphers in use by the server you are communicating with."

This was interesting, but not surprising.  I knew sooner or later it would happen.  SSL has been in a state of accelerated updates ever since the Heartbleed and other security holes have been found.  But in this case, The V7R1 Operating System doesn't have the newer ciphers in use by the servers that are slowly updating their SSL certificates.

What does this mean? According to IBM, it means you need to update your OS version to one that has the new ciphers (V7R2 or V7R3).  No big deal, right?  Not on paper, but anyone who's done an OS upgrade knows that it's not a simple task

Because V7R1 is still officially supported at this time, I was told that to get IBM to think about adding the fix to first create a Problem Management Report (PMR).  So, I did.  In the PMR I explained that updating the ciphers for V7R1 is necessary because it is halting business transactions with servers using the newer ciphers for SSL  Halting real "e-commerce"!  Something the platform is supposedly touted for (and I agree, it is a great machine!)

I was surprised to receive a quick response was to create a Request For Enhancement (RFE), which I did.  The RFE can then be voted on by others who feel it is a worthy cause.  At this time, we already have 37 votes (which seems like a lot since I couldn't find any others with more then 3 votes).

"Through the grapevine" I was then told that IBM has no plan on updating the ciphers for V7R1.  My immediate response was "if that's the case, why make us go through the PMR and RFE route?"

What I would rather love to tell a customer is "Yes, I understand and am familiar with the issue.  IBM, being the awesome company that they are, created this PTF you can apply to install the newer ciphers so your applications will again function!"

But, it looks like the politics of business are getting in the way.  Getting in the way of paying customers that require this update in order to function.  Without a solid answer, the customer will sit and wait for the PTF containing the cipher upgrade or a definite answer of NO in which case they can start planning the OS upgrade.  

It is odd, but I would accept "no" as the answer.  Just remember that means when I'm asked about this from one of my many customers in the future, my answer will be literally like throwing IBM under the bus for the problem in the first place.  "Yes, you need to do an OS upgrade if you want it to work.  That comes straight from IBM."

What I would rather love to tell a customer is "Yes, I understand and am familiar with the issue.  IBM, being the awesome company that they are, created this PTF you can apply to install the newer ciphers so your applications will again function!"

Of course we're also told that as long as the customer is on SWMA it's a free upgrade.  Well, that assumes a few things as well.

  1. They host their own hardware (many customers use cloud services or have other companies host their machines)
  2. Any other 3rd party software will not only function on the new OS version, but also won't require a "fee" to for the OS upgrade
  3. They have the time to shut down and do the upgrade.  Sure it sounds easy, but it's not "that" easy and can take a good weekend as well as days or weeks after chasing new bugs that may exist.

I admit that I'm probably being quite forceful about this.  That's because I value my customers and I will do anything to help them.  In this case, updating ciphers so they are current on a supported OS version doesn't sound out of the question.  And it appears most agree with this.

I will update this thread as new details emerge.  I have one customer looking into the OS version upgrade costs and hopefully they can share them.

But please, IBM, if you want your image with the IBM i to stay strong, go back to treating us like you did when it was an AS/400.  Either end support for V7R1 (which it's a little late for that now) or honor your commitment to your paying customers.  I know I would, and do.

 


Last edited 01/12/2017 at 14:57:38



Latest Posts:

QuickBooks Online - Subtotals and Discounts Frustration QuickBooks Online - Subtotals and Discounts Frustration
Posted by March 16, 2023
QuickBooks >> QuickBooks Online
Making the Switch From QuickBooks Desktop to QuickBooks Online - No Picnic Making the Switch From QuickBooks Desktop to QuickBooks Online - No Picnic
Posted by March 16, 2023
QuickBooks >> QuickBooks Online
BVSTools Software Verified on V7R5 and Power10 BVSTools Software Verified on V7R5 and Power10
Posted by December 9, 2022
BVSTools >> BVSTools Announcements
Microsoft Office 365 Servers and Random Errors Issue Microsoft Office 365 Servers and Random Errors Issue
Posted by November 14, 2022
BVSTools >> BVSTools Software Discussion >> Email Tools (MAILTOOL) Specific Discussion
Sending/Resending Emails Using a MIME File with MAILTOOL Sending/Resending Emails Using a MIME File with MAILTOOL
Posted by November 8, 2022
BVSTools >> BVSTools Software Discussion >> Email Tools (MAILTOOL) Specific Discussion
Sending an HTML Email on Your IBM i Using MAILTOOL Sending an HTML Email on Your IBM i Using MAILTOOL
Posted by November 1, 2022
BVSTools >> BVSTools Software Discussion >> Email Tools (MAILTOOL) Specific Discussion
Transferring License Keys from One System to Another Transferring License Keys from One System to Another
Posted by October 31, 2022
BVSTools >> BVSTools Software Discussion
Calculating the Size of a File Before Base64 Encoding Calculating the Size of a File Before Base64 Encoding
Posted by August 13, 2022
Programming >> RPG Programming
GreenTools for Microsoft Apps (G4MS) v9.12 Now Includes Function to Send Emails using MIME File GreenTools for Microsoft Apps (G4MS) v9.12 Now Includes Function to Send Emails using MIME File
Posted by August 11, 2022
BVSTools >> BVSTools Announcements >> GreenTools for Microsoft Apps (G4MS) Specific Announcements
GreenTools for Google Apps (G4G) v15.20 Now Supports Shortcuts GreenTools for Google Apps (G4G) v15.20 Now Supports Shortcuts
Posted by August 6, 2022
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements
GreenTools for Microsoft Apps (G4MS) Groups Admin Authority Instructions GreenTools for Microsoft Apps (G4MS) Groups Admin Authority Instructions
Posted by July 26, 2022
BVSTools >> BVSTools Software Discussion >> GreenTools for Microsoft Apps (G4MS) Specific Discussion
GreenTools for Microsoft Apps (G4MS) v9.10 Now Includes OneDrive Functions that Work With Groups/Shared Drives GreenTools for Microsoft Apps (G4MS) v9.10 Now Includes OneDrive Functions that Work With Groups/Shared Drives
Posted by July 19, 2022
BVSTools >> BVSTools Announcements >> GreenTools for Microsoft Apps (G4MS) Specific Announcements
GreenTools for Google Apps (G4G) v15.10 Now Includes Drive Functions that Work With Shared Drives GreenTools for Google Apps (G4G) v15.10 Now Includes Drive Functions that Work With Shared Drives
Posted by July 15, 2022
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements
GreenTools for Microsoft Apps (G4MS) v9.00 Now Offers Functions to Bypass Registration Command and BVSTools Landing Page GreenTools for Microsoft Apps (G4MS) v9.00 Now Offers Functions to Bypass Registration Command and BVSTools Landing Page
Posted by July 4, 2022
BVSTools >> BVSTools Announcements >> GreenTools for Microsoft Apps (G4MS) Specific Announcements
What Objects Should I Omit from Replication to Ensure My License Keys Work on my HA/DR System? What Objects Should I Omit from Replication to Ensure My License Keys Work on my HA/DR System?
Posted by June 27, 2022
BVSTools >> BVSTools Software Discussion

Reply




© Copyright 1983-2020 BVSTools
GreenBoard(v3) Powered by the eRPG SDK, MAILTOOL Plus!, GreenTools for Google Apps, jQuery, jQuery UI, BlockUI, CKEditor and running on the IBM i (AKA AS/400, iSeries, System i).