IBM Support

Failure to connect to TN3270 server with AT-TLS

Question & Answer


Question

The TN3270 server has been configured to use secure connections by defining AT-TLS policies. But there are a subset of users that are unable to successfully establish a connection to that server. There are no error messages associated with these attempts, the user just gives up (closes the emulator window).

Answer

The AT-TLS policy associated with this server port has HandshakeTimeout 0 specified in the TTLSEnvironmentAdvancedParms statement. When a client system emulator connecting to this port does not immediately begin the SSL handshake, the connection will sit in that state with no progress. Specifying a non-zero HandshakeTimeout (or letting it default to 10 seconds) will cause the server to send a telnet DO START TLS message which will cause the client to initiate the handshake.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

ZOSCS COMMSERVER

Document Information

Modified date:
30 January 2018

UID

dwa1427944