Trouble connecting with TLS

[mercierv]

Hey !
First of all, thank you very much for this tool, it's really helpful.
Currently I've been struggling to connect to an IBM-3278 with always receiving a SSL_handshake error at connexion.
I've setup the SESSION_SSL=NEVER for having a TLS connection (if I understood correctly the code), as well as the ZTI_SECLEVEL=1. But even tho I've done that, I can't get pass the SSL_handshake error.
Note that I'm not a pro in powershell, nor python.
Thanks in advance for your help !
Cheers,
Valentin

[najohnsn]

If you are not familiar with powershell, you may want to use cmd (command prompt) instead. I suspect your environment variables are not set the way you intended - there should be no ssl handshake with SESSION_SSL=NONE.

[mercierv]

Alright, I've sorted out the environment variable and now no more handshake. I've setup the SESSION_SSL as well as the ZTI_SECLEVEL=1 as my mainframe isn't a top notch one.
I still can't connect, but now I only have this small text error: SESLOST = the_name_of_my_mainframe
I was wondering if there is anyway of knowing which version of TLS is used (I need 1.0) and change it if needed ?
Thanks

[najohnsn]

With SESSION_SSL=NONE, there is no TLS/handshake. Given the server disconnected you (and that you said you need Tls 1.0), you need one. So, you want SESSION_SSL=1 (or not set). Try setting SESSION_SSL_MINIMUM_TLS=1.0 (see #138). I believe the SSL library usually won't let that go below 1.2.

FYI: I've had success in the past telling sysadmins about being forced to use insecure settings to connect. The result has been the server being upgraded with modern/secure settings. If you know how to contact the sysadmin, that is also something to try.

[mercierv]

That's awesome, thank you for your help !

And for the sysadmin, I'm already in the process of challenging them and pushing them to upgrade. Hard work, but I'm getting there slowly.