I think we have our problem resolved. We had an incorrect comment placement on the last OBEYFILE PORT setting for port 8823.
Thanks for the help, Tim -----Original Message----- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Tim Joyce Sent: Wednesday, August 06, 2008 1:52 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: SSL connection problem after IPL Hey Alan, I used OBEYFILE to change port 9999 to: PORT 9999 TCP SSLSERV ; SSL SERVER - ADMINISTRATION ; Here is the 'netstat conn (select vtubessl' results: VM TCP/IP Netstat Level 520 Active IPv4 Transmission Blocks: User Id Conn Local Socket Foreign Socket State ---- -- ---- ----- ------ ------- ------ ----- VTUBESSL 1201 *..8823 *..* Listen VTUBESSL 1271 10.1.4.60..8823 10.4.2.193..1302 Established VTUBESSL 1090 10.1.4.60..8823 10.2.5.17..1735 Established VTUBESSL 1073 10.1.4.60..8823 10.2.4.44..1132 Established VTUBESSL 1289 10.1.4.60..8823 10.2.4.67..4782 Established VTUBESSL 1058 10.1.4.60..8823 10.2.4.56..1508 Established VTUBESSL 1101 10.1.4.60..8823 10.2.4.101..1129 Established VTUBESSL 1165 10.1.4.60..8823 10.2.4.86..2168 Established VTUBESSL 1080 10.1.4.60..8823 10.2.5.17..2897 Established VTUBESSL 1010 10.1.4.60..8823 10.4.2.93..1839 Established VTUBESSL 1206 10.1.4.60..8823 10.2.5.82..4135 Established Keep in mind, to get our SSL users using port 8823 in to VTUBESSL, we had them specify "SECURITY NONE" on there client, so they are not coming in secure until we get this resolved. Also, When I issue a SSLADMIN TRACE NORMAL ALL or SSLADMIN TRACE CONN ALL and then try to SECURE TELNET (waiting for SSL handshake error) then SSLADMIN LOG to check the log, I get nothing : 00470 DTCSSL003I SSLADMIN received: TRACE CONNECTIONS NODATA ALL 00471 DTCSSL047I Trace established 00472 DTCSSL003I SSLADMIN received: LOG Would this not indicate that the handshake request is not getting to the SSLSERV? Tim -----Original Message----- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Alan Altmark Sent: Wednesday, August 06, 2008 1:34 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: SSL connection problem after IPL On Wednesday, 08/06/2008 at 11:25 EDT, Tim Joyce <[EMAIL PROTECTED]> wrote: > Yep, running z/VM 5.2. Here is my secure telnet PORT statement: > > 8823 TCP VTUBESSL SECURE ALCERT ; SECURE TELNET TO VTUBESSL (And please remove the SECURE statement from port 9999. It doesn't go there.) > User Id Conn Local Socket Foreign Socket State > ---- -- ---- ----- ------ ------- ------ ----- > SSLSERV 1226 *..1025 *..* Listen > SSLSERV 1046 127.0.0.0..9999 *..* Listen > > Active IPv6 Transmission Blocks: None > > Should I not have a port 8823 socket, or would it only show for an active > session? What is the 1025 for? You need to look at the socket connections for VTUBESSL, not SSLSERV. Port 1025 is the SSL server listening for new SSL connections from the stack. (We probably shouldn't display that.) Alan Altmark z/VM Development IBM Endicott