Diagnosing TLS and AT-TLS Handshake Failures on z/OS
Project and Program: Enterprise Data Center, Security and Compliance
Tags: Proceedings, 2020, SHARE Fort Worth 2020
1. Overview of encryption handshake message flow
- TLS vs. AT-TLS
- Packet Flow
- How to enable AT-TLS in TCPIP stack
2. Using Packet Trace to diagnose handshaking failure
- IBM Packet Trace, FTP to desktop and use Wireshark for analysis
- MainView for IP to start/display packet trace, and diagnose with Trace Analyzer function
3. Using Syslog Daemon TTLS error codes for diagnosis
- Enable logging in Policy Agent for TTLS
- EZD1286I and EZD1287I messages, error codes
- Diagnosing using manuals
- Using MainView for IP to display and collect TTLS error codes
- Setting alarms in MainView for IP to trigger and alert user when a TTLS error occurs on a handshake failure.
4. Diagnosing/Resolving common handshaking scenarios
- Certificate expired
- Wrong TLS protocol
- No certificate
- Server not authorized

Mark Bauman, BMC Software