Linemode connection instead of 3270.
I'm using hummingbird(new version 13) with SSL support (selfsigned certificate). I'm failing on Linemode connection which means my max_cmd_len is 0 within my scexit exec. I'm on z/VM 5.4 and CMS SSL services 390 engine with VMSECURE active. I switched the same hummingbird session IP address to my LINUX VM system, same configuration, and connected without a problem using SSL so I don't think it is the Hummingbird session definitions. No VMSECURE running in the Linux VM. Don't think VMSECURE is the problem but I thought I mention it. Has anyone ran into this problem or has any ideas why TCPIP sets the connection with max_cmd_len of 0? Hans /*-*/ /* Get the required input arguments. */ /*-*/ Arg foreign_ipaddr, server_port, max_cmd_len, foreign_port, LU_name, , local_ipaddr /*-*/ /* Indicate the type of Telnet connection requested. */ /*-*/ If (max_cmd_len = 0) Then Say ident Linemode connection from: foreign_ipaddr foreign_port Else Do Say ident 3270 connection from: foreign_ipaddr foreign_port Parse Var foreign_ipaddr ip1 '.' ip2 '.' ip3 '.' ip4
Re: Linemode connection instead of 3270.
On Wednesday, 05/26/2010 at 10:21 EDT, Hans Rempel h...@hmrconsultants.com wrote: I?m using hummingbird(new version 13) with SSL support (selfsigned certificate). I?m failing on Linemode connection which means my max_cmd_len is 0 within my scexit exec. I?m on z/VM 5.4 and CMS SSL services 390 engine with VMSECURE active. I switched the same hummingbird session IP address to my LINUX VM system, same configuration, and connected without a problem using SSL so I don?t think it is the Hummingbird session definitions. No VMSECURE running in the Linux VM. Linemode telnet is securable with SSL using application-transparent TLS (AT-TLS), which VM sometimes refers to as static SSL. In this scenario you configure port 23 (for example) with the SECURE option in the PORT list. SSL/TLS sessions must be established before any protocol-specific data flows on the connection (a la https). There are no RFCs (draft or otherwise) that I'm aware of that provide for negotiated SSL for linemode telnet. There *is* RFC 2946 for general telnet encryption, but it doesn't use SSL/TLS and VM doesn't support it. Perhaps Linux and Hummingbird support it? Don?t think VMSECURE is the problem but I thought I mention it. The ESMs are not involved in SSL. Has anyone ran into this problem or has any ideas why TCPIP sets the connection with max_cmd_len of 0? The purpose of the command line is to allow you to issue DIAL commands for 3270 sessions. Since linemode terminals can't DIAL, there's no provision in the exit to let you issue a command. Alan Altmark z/VM Development IBM Endicott
Re: Linemode connection instead of 3270.
Hi Alan. Thanks for the reply but I guess I was not clear in what my problem is. I DON'T want to use line mode to to connect. I want 3270 fullscreen mode but it appears to connect with line mode. I've checked my configuration on both VM systems which are both using CMS SSL and can't see what I have missed? I also renamed the label of the self-signed certificate and created a new one to match the name on my TCPIP stack and recycle SSLSERV. I think I will create a test tcp/ip stack and sslserv server to see if I get the same results. Don't want to play with the production stack too much. Hans -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Alan Altmark Sent: May-26-10 11:16 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Linemode connection instead of 3270. On Wednesday, 05/26/2010 at 10:21 EDT, Hans Rempel h...@hmrconsultants.com wrote: I?m using hummingbird(new version 13) with SSL support (selfsigned certificate). I?m failing on Linemode connection which means my max_cmd_len is 0 within my scexit exec. I?m on z/VM 5.4 and CMS SSL services 390 engine with VMSECURE active. I switched the same hummingbird session IP address to my LINUX VM system, same configuration, and connected without a problem using SSL so I don?t think it is the Hummingbird session definitions. No VMSECURE running in the Linux VM. Linemode telnet is securable with SSL using application-transparent TLS (AT-TLS), which VM sometimes refers to as static SSL. In this scenario you configure port 23 (for example) with the SECURE option in the PORT list. SSL/TLS sessions must be established before any protocol-specific data flows on the connection (a la https). There are no RFCs (draft or otherwise) that I'm aware of that provide for negotiated SSL for linemode telnet. There *is* RFC 2946 for general telnet encryption, but it doesn't use SSL/TLS and VM doesn't support it. Perhaps Linux and Hummingbird support it? Don?t think VMSECURE is the problem but I thought I mention it. The ESMs are not involved in SSL. Has anyone ran into this problem or has any ideas why TCPIP sets the connection with max_cmd_len of 0? The purpose of the command line is to allow you to issue DIAL commands for 3270 sessions. Since linemode terminals can't DIAL, there's no provision in the exit to let you issue a command. Alan Altmark z/VM Development IBM Endicott
Re: Linemode connection instead of 3270.
On Wednesday, 05/26/2010 at 01:33 EDT, Hans Rempel h...@hmrconsultants.com wrote: Hi Alan. Thanks for the reply but I guess I was not clear in what my problem is. I DON'T want to use line mode to to connect. I want 3270 fullscreen mode but it appears to connect with line mode. That's because the negotiation to TN3270E has failed in some way. I've checked my configuration on both VM systems which are both using CMS SSL and can't see what I have missed? You'll need to run an emulator trace to see what's happening. Alan Altmark z/VM Development IBM Endicott