This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

TLS v1.2 Not Working with my EXTRA! X-treme 9.6

We want to use TLS v1.2 for our EXTRA! X-treme 9,6.  When we try to connect with the Security Type set to TLS v1.2, we only get the lightning 501 message at the bottom of the screen.  Here is how we set up the Configure Connection screen:

Our network guys ran a trace and found the following communication between the client and server:

 

They said that EXTRA! was not sending a "Client Hello" message to the host based on the trace above.

Can you please advise me as to what I am doing incorrectly here.

Many thanks.

Tags:

Labels:

Mainframe Access
  • Verified Answer

    +1  

    Hi Pablo Luciano,

    I will have a closer look at this, but can you have a look at the Tools- Status app in Extra to see what the application thinks happened to this connection?  It might say something like "TLSStartSecurity returned error 9703 <Server certificate is invalid.>" or "Failed to connect to host.attachmate.com on port 823 - Error = 10060: Connection timed out."

    Regards,

    Jeff

  • 0 in reply to   

    When I have the Verify Server Certificate turned on, the status log says:

    - Last socket error = 0.  No error.

    -  Socket failed to connect.

    - Secure connection was requested but not granted by server 10.231.0.105 on port 6110

    - TLSStartSecurity returned error 9702 <SSL/TLS handshake failed>.

  • 0   in reply to 

    Pablo Luciano,

    I note that you set this connection up for TLS 1.2.  Is that the correct security type for this host and port?  Can you try configuring Extra! for TLS 1.0 and see if you get the same failure on this connection?

    Thanks,

    Jeff

  • 0   in reply to   

    Pablo Luciano,

    I see this is verified Answer.  Does this mean that using TLS 1.0 worked for you?  I ask because a previous comment was verified as the answer.

    Thanks,

    Jeff

  • 0 in reply to   

    Hello Jeff,

          Actually, I have tried all of the security type options.  The only one that works is the "No Security" option.  With TLS v1,0, I get the exact error message (i.e. error 9702).

          Sorry if I specified that the reply has been verified.  I did not mean to do so.  The issue is still pending.

          Thank you again for your assistance.

  • 0   in reply to 

    Pablo Luciano,

    Assuming you are not changing the port number, the fact that "No Security" works tells us that the host is not expecting a secure connection on port 6110.  It is unlikely that the host is expecting secure (TLS) and unsecure (Telnet) connections on the same port.  Please ensure that you have the correct port number to make a secure connection to the host.

    Thanks,

    Jeff B

  • 0 in reply to   

    Thank you very much for your response.

    I have requested our host team to check their connection settings again and provided them with a copy of your comments.  I ill apprise you of their response as soon as I get it.  Many thanks again.

  • 0 in reply to 

    It is now working.  The root cause was identified to be from the firewall ruleset.  It did not have SSL as one of the applications allowed.  Thanks for all the help.