SSL error using x3270 <SOLVED>

Questions about applications and software
Forum rules
Before you post please read how to get help
Post Reply
Tony229
Level 1
Level 1
Posts: 1
Joined: Sat Feb 20, 2021 11:14 am

SSL error using x3270 <SOLVED>

Post by Tony229 »

Hi All
Let me start by stating that I'm a complete newbie so please excuse my ignorance.
I'm getting a "TLS: SSL_connect failed-1: reason(0)" error when using x3270 to connect to a host that only support TLSv1.0.
I'm using x3270 v4.0 running on Linux Miny 20 Cinnamon, Cinnamon version 4.6.7, Linux Kernel 5.4.0-64-generic.
I've run a wireshark trace and it looks like it's a protocol version issue so I'm assuming it's the TLS version.
I've tried updating my openssl.cnf file to allow TLSv1.0. (and rebooting)
I've tried prepending the host name with L:Y: when making the x3270 connection
All to no avail, I'm still getting the same error.
I've attached a copy of my openssl.cnf file, a copy of the wireshark conversation, and a copy of the x3270 trace.
Any assistance or suggestions would be appreciated.

Thanks
Tony

Update
After all this I managed to resolve the problem with this link from stackoverflow.
https://stackoverflow.com/questions/615 ... -available

As a newbie I was initially caught out as I had read earlier that the first section in the openssl.cnf file is the default section and spans until the first named section.
I took this to mean that I didn't need to specify "openssl_conf = default_conf" if I included the other settings at the top.
This is where I went wrong. My problem was solved once I specified "openssl_conf = default_conf" at the top and create a "[default_conf]" section at the bottom along with the ssl_conf sections.
I've attached my customized openssl_cust.cnf file for reference.

Regards
Tony
Attachments
openssl_cust.cnf.txt
customized openssl.cnf file
(11.09 KiB) Downloaded 11 times
wstrace-202102210330.txt
Wireshark conversation
(2.27 KiB) Downloaded 8 times
x3trc.2009.txt
x3270 trace file
(4.58 KiB) Downloaded 8 times
Post Reply