Hi, while trying to connect to a secure TLS 1.2 based fuse service via CICS I am getting the below mentioned issue:
DFHWB0732 402 No common ciphers negotiated from gsk_secure_socket_init of SSL connection issue
I checked other answers on this site but I am looking for more information like:
How can I make sure that my CICS is supporting TLS 1.2?
How can I use trace so that the actual error can be identified?
How can I see which cipher is getting picked for that particular connection in CICS?
Please revert to me ASAP.
Thanks in advance
Answer by Theresa Hamilton (7202) | Sep 14, 2018 at 01:22 PM
Hi @Rahulcoder007
To ensure you are using TLS 1.2 use the MINTLSLEVEL=TLS12 parameter in your system initialization table (SIT).
Additional information about MINTLSLEVEL is in the CICS TS documentation under ENCRYPTION (DEPRECATED).
If you have the SIT parameter set correctly then you should use the following instructions to activate SSL trace:
S GSKSRVR
Restart CICS. NOTE: This only needs to be done if the problem is occurring at startup. If not, then CICS does NOT need to be restarted.
Update GSKWTR PROC to add a dataset to hold the trace.
TRACE CT,WTRSTART=GSKWTR
TRACE CT,ON,COMP=GSKSRVR
R n,JOBNAME=(yyy),OPTIONS=(LEVEL=255),WTR=GSKWTR,END where yyy is the name of CICS.
Recreate the problem.
TRACE CT,OFF,COMP=GSKSRVR
TRACE CT,WTRSTOP=GSKWTR
Send dataset from GSKWTR PROC.
To view the Trace use IPCS and enter command CTRACE COMP(GSKSRVR) FULL.
The SSL Trace will show the Ciphers used, the protocol level used and show you the error that caused the request to be rejected.
If you still need help then I would open an IBM Service Request.
Posted on Behalf of Ron Lee
IBM CICS Level2 Support