Hi Alan. Thanks for the reply but I guess I was not clear in what my problem
is. I DON'T want to use line mode to connect. I want 3270 fullscreen mode
but it appears to connect with line mode. I've checked my configuration on
both VM systems which are both using CMS SSL and can't see what I have
missed? 

I also renamed the label of the self-signed certificate and created a new
one to match the name on my TCPIP stack and recycled SSLSERV. 

I think I will create a test tcp/ip stack and sslserv server to see if I get
the same results. Don't want to play with the production stack too much. 

Hans  

-----Original Message-----
From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On
Behalf Of Alan Altmark
Sent: May-26-10 11:16 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Linemode connection instead of 3270.

On Wednesday, 05/26/2010 at 10:21 EDT, Hans Rempel 
<h...@hmrconsultants.com> wrote:
> I'm using hummingbird(new version 13) with SSL support (selfsigned 
> certificate). I'm failing on Linemode connection which means my max_cmd_len is 
> 0 within my scexit exec. I'm on z/VM 5.4 and CMS SSL services 390 engine with 
> VMSECURE active. 
> 
> I switched the same hummingbird session IP address to my LINUX VM system, same 
> configuration, and connected without a problem using SSL so I don't think it is 
> the Hummingbird session definitions. No VMSECURE running in the Linux VM. 

Linemode telnet is securable with SSL using application-transparent TLS 
(AT-TLS), which VM sometimes refers to as "static SSL".  In this scenario 
you configure port 23 (for example) with the SECURE option in the PORT 
list.  SSL/TLS sessions must be established before any protocol-specific 
data flows on the connection (a la https).

There are no RFCs (draft or otherwise) that I'm aware of that provide for 
negotiated SSL for linemode telnet.  There *is* RFC 2946 for general 
telnet encryption, but it doesn't use SSL/TLS and VM doesn't support it. 
Perhaps Linux and Hummingbird support it?

> Don't think VMSECURE is the problem but I thought I'd mention it.

The ESMs are not involved in SSL.

> Has anyone run into this problem or has any ideas why TCPIP sets the connection 
> with max_cmd_len of 0?

The purpose of the command line is to allow you to issue DIAL commands for 
3270 sessions.  Since linemode terminals can't DIAL, there's no provision 
in the exit to let you issue a command.

Alan Altmark
z/VM Development
IBM Endicott
