相关文章推荐
咆哮的生菜  ·  SpringBoot配置Logback ...·  3 月前    · 
睡不着的抽屉  ·  Windows 8、8.1、10、または ...·  8 月前    · 
急躁的伤疤  ·  Django 找不到模版报错" ...·  1 年前    · 
有爱心的爆米花  ·  在Excel ...·  1 年前    · 
冲动的野马  ·  群晖 批量修改文件名_头条·  1 年前    · 
Code  ›  Connect:Direct for i5/OS receives ASMT806I, ATCP022I, and ATCP037I errors when TLSv1.3 is available
connect aes rsa
https://www.ibm.com/support/pages/connectdirect-i5os-receives-asmt806i-atcp022i-and-atcp037i-errors-when-tlsv13-available
力能扛鼎的红酒
1 年前

To return expected results, you can:

  • Reduce the number of search terms. Each term you use focuses the search further.
  • Check your spelling. A single misspelled or incorrectly typed term can change your result.
  • Try substituting synonyms for your original terms. For example, instead of searching for "java classes", try "java training"
  • Did you search for an IBM acquired or sold product ? If so, follow the appropriate link below to find the content you need.

    • ######00000008/00000000/ASMT806I-Unknown sense code received.
    Sense:: 0000
    ######00000008/00000000/ATCP022I-Error reading TCP/IP header
    ######00000008/00000000/ATCP037I-TCP/IP error occurred filling look-ahead buffer
    Session not established with Nodename
    ######00000016/00006011/CSPA999E-SECURE+ INTERNAL ERROR
    ######00000008/00006011/CSPA204E-SSL receive failure, rc=&VAR1, rsn=&VAR2
    Even when TLSv1.2 and its ciphers are selected in C:D Secure+ parameters, connection attempt is still made with TLSv1.3 and its ciphers.
    TLS1.3 ciphers:
    *AES_128_GCM_SHA256
    *AES_256_GCM_SHA384
    *CHACHA20_POLY1305_SHA256
    1. QSSLPCL - If this system value is set to *OPSYS, then by default TLSv1.3 will be used.
    2. QSSLCSL - If this system value has *RSA ciphers added if certificate used has key algorithm of RSA. By default below TLS1.3 ciphers will take the precedence if they are listed in the system value.
    *AES_128_GCM_SHA256
    *AES_256_GCM_SHA384
    *CHACHA20_POLY1305_SHA256

    Resolving The Problem

    Apply latest cumulative maintenance to obtain APAR IT32845, included in PTF2005A and later. This will bypass TLSv1.3 until full support is enabled in Connect:Direct for i5/OS.
    As a workaround you may do the following:
    1. By default on V7R4 support for RSA ciphers is disabled. Add the *RSA ciphers supported by CD in QSSLCSL system value if certificate used has key algorithm of RSA.
    Example:
    *RSA_AES_128_CBC_SHA256
    *RSA_AES_128_CBC_SHA
    *RSA_AES_256_CBC_SHA256
    *RSA_AES_256_CBC_SHA
    *RSA_AES_128_GCM_SHA256
    *RSA_AES_256_GCM_SHA384
    *RSA_3DES_EDE_CBC_SHA
    2. Change system value QSSLCSLCTL to *USRDFN if *OPSYS
    3. In DCM update the Application ID used for Connect:Direct by changing TLS Protocol from *PGM to Define protocol supported and unchecking TLSv1.3 like below. This will disable TLS1.3 for Connect:Direct.
    image 3207
    [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRS27","label":"IBM Sterling Connect:Direct for i5\/OS"},"ARM Category":[{"code":"a8m0z000000cwUtAAI","label":"SECURE+"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"3.8.","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
     
    推荐文章
    咆哮的生菜  ·  SpringBoot配置Logback 日志按时间和按大小分割-腾讯云开发者社区-腾讯云
    3 月前
    睡不着的抽屉  ·  Windows 8、8.1、10、または Windows 11 で .NET Framework 1.1 アプリを実行する - .NET Framework | Microsoft Learn
    8 月前
    急躁的伤疤  ·  Django 找不到模版报错" django.template.exceptions.TemplateDoesNotExist: index.html" - 编程青年的崛起 - 博客园
    1 年前
    有爱心的爆米花  ·  在Excel VBA中从此文件夹路径内的文件获取文件夹路径-腾讯云开发者社区-腾讯云
    1 年前
    冲动的野马  ·  群晖 批量修改文件名_头条
    1 年前
    今天看啥   ·   Py中国   ·   codingpro   ·   藏经阁   ·   小百科   ·   link之家   ·   卧龙AI搜索
    删除内容请联系邮箱 2879853325@qq.com
    Code - 代码工具平台
    © 2024 ~ 沪ICP备11025650号