[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: SHA-256 certificates and TLS 1.0 for HTTPS
Thanks, Ian. I can continue playing with it as well. I was partially just looking for some clarification on whether it is even possible or not so that I didn't waste time if it isn't. If I am able to get it to work, I will let you know. Have a great vacation.
Bob
-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Ian Patterson
Sent: Thursday, July 16, 2015 10:36 AM
To: HTTPAPI and FTPAPI Projects
Subject: Re: SHA-256 certificates and TLS 1.0 for HTTPS
I am in the process of testing V5R4 and SHA256 / TLS 1.2
Unfortunately (for you) I am now on a long vacation and won't pick up the project again until September.
My understanding is that V5R4 will support TLS 1.1 / 1.2 with SHA256 and I intend hopefully to make that work.
Regards
Ian Patterson
On 16/07/2015 15:57, Robert Romano wrote:
> Hello,
>
>
> I was hoping to re-open the discussion on "v5r4 SHA-256 certificates
> and TLS 1.0 for HTTPS" from earlier this year. I have a similar issue
> where I am stuck on V5R4 of the operating system (long story) and until
> recently was able to use HTTPAPI with a partner using a SHA 1
> certificate. They have moved to a SHA2 cert and I now receive an error
> message "SSL Handshake: (GSKit) Certificate was rejected by the
> application supplied exit".
>
>
> I see the assertion from a March 12, 2015 post that SHA2 requires
> TLS1.1 or TLS1.2 which are not available for V5R4, but I also see many
> references on IBM's web site that say the V5R4 does support SHA-256. I
> created a new *SYSTEM cert in the certificate store with a size of 256
> and made it the default but get the same error. Is supporting SHA2
> possible on V5R4 and, if so, does anyone have any advice on what I need
> to do?
>
>
> Thanks for any help.
>
>
> Bob
>
>
>
> ----------------------------------------------------------------------
> - This is the FTPAPI mailing list. To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> ----------------------------------------------------------------------
> -
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------