Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Can I get some clue on disabling SSLv1, v3 and TLS1.0 on AIX
Operating Systems AIX Can I get some clue on disabling SSLv1, v3 and TLS1.0 on AIX Post 302973262 by Aia on Monday 16th of May 2016 09:24:13 PM
Old 05-16-2016
Those are broken cryptographic protocols used by applications with the need to secure the transmission transport part of the communication. Think of web services or mail services.
It is not at the OS level. It is at the application level. Therefore, if you are charged to disabled these old and broken versions of the TLS and SSL, you must learn what configuration must be changed to the application to prevent it from using it.
 

6 More Discussions You Might Find Interesting

1. Programming

I have no clue what's the point - fcntl() ?

hi, I need to know how to lock a file. I used the following code, but after executing the program the file 'write.txt' remined empty, and I have no idea why.Maybe I'm not using the corresponding syntax for blocking a file. But I deleted then the blocking part and the problem persisted. see to... (2 Replies)
Discussion started by: atticus
2 Replies

2. Solaris

Filesystem filling up and no clue as to why!

df shows that the filesystem is filling up and the usage is 94%. However when I actually traverse to the directory I du shows only about 10% of the space occupied! Below is the output of df and du: >>>df -kh /cbmdata/00 470M 393M 29M 94% /cbmdata/00 >>>/cbmdata/00>... (3 Replies)
Discussion started by: zombiezparadize
3 Replies

3. AIX

Disabling an ASCI terminal in AIX versions 3 and 4

Hi, I tried to do some research on this subject, but got nothing conclusive. I have the following need: I have different servers with AIX versions 3.2.5 through 4.3.2. Some of them have two ASCI terminals connected. I have a shell script that is executed by a user on the main console... (2 Replies)
Discussion started by: andrei_r20
2 Replies

4. AIX

Disabling SSH direct access for an AIX user

Hello everyone, Can anyone help me please. I want to disable SSH direct access for an AIX user. For example, if I have USER1 and USER2. I want to disactivate direct access for USER2. The user must enter his login (USER1) and his password and then he can do su - USER2 . Thanks, (3 Replies)
Discussion started by: adilyos
3 Replies

5. AIX

Disabling SNMP in AIX 7.1

Hi, I am planning to disable SNMP in our AIX LPARs. wanted to see by disabling in a test LPAR. before that, I would like to check disabling this SNMP will impact any of our application or database in anyway. what kind of other software depends on these SNMP daemons ? Can you please let me... (9 Replies)
Discussion started by: system.engineer
9 Replies

6. AIX

Disabling entries on inetd.conf (AIX).

Hello, We're working on securing the AIX environment. started with disabling unused services on AIX. Below are the entries which are not commented on my test LPAR (even other LPARs). ntalk dgram udp wait root /usr/sbin/talkd talkd daytime stream tcp nowait root... (1 Reply)
Discussion started by: system.engineer
1 Replies

LEARN ABOUT CENTOS

ssl_get_error

SSL_get_error(3)						      OpenSSL							  SSL_get_error(3)

NAME

       SSL_get_error - obtain result code for TLS/SSL I/O operation

SYNOPSIS

	#include <openssl/ssl.h>

	int SSL_get_error(const SSL *ssl, int ret);

DESCRIPTION

       SSL_get_error() returns a result code (suitable for the C "switch" statement) for a preceding call to SSL_connect(), SSL_accept(),
       SSL_do_handshake(), SSL_read(), SSL_peek(), or SSL_write() on ssl.  The value returned by that TLS/SSL I/O function must be passed to
       SSL_get_error() in parameter ret.

       In addition to ssl and ret, SSL_get_error() inspects the current thread's OpenSSL error queue.  Thus, SSL_get_error() must be used in the
       same thread that performed the TLS/SSL I/O operation, and no other OpenSSL function calls should appear in between.  The current thread's
       error queue must be empty before the TLS/SSL I/O operation is attempted, or SSL_get_error() will not work reliably.

RETURN VALUES

       The following return values can currently occur:

       SSL_ERROR_NONE
	   The TLS/SSL I/O operation completed.  This result code is returned if and only if ret > 0.

       SSL_ERROR_ZERO_RETURN
	   The TLS/SSL connection has been closed.  If the protocol version is SSL 3.0 or TLS 1.0, this result code is returned only if a closure
	   alert has occurred in the protocol, i.e. if the connection has been closed cleanly. Note that in this case SSL_ERROR_ZERO_RETURN does
	   not necessarily indicate that the underlying transport has been closed.

       SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
	   The operation did not complete; the same TLS/SSL I/O function should be called again later.	If, by then, the underlying BIO has data
	   available for reading (if the result code is SSL_ERROR_WANT_READ) or allows writing data (SSL_ERROR_WANT_WRITE), then some TLS/SSL
	   protocol progress will take place, i.e. at least part of an TLS/SSL record will be read or written.	Note that the retry may again lead
	   to a SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition.	There is no fixed upper limit for the number of iterations that may be
	   necessary until progress becomes visible at application protocol level.

	   For socket BIOs (e.g. when SSL_set_fd() was used), select() or poll() on the underlying socket can be used to find out when the TLS/SSL
	   I/O function should be retried.

	   Caveat: Any TLS/SSL I/O function can lead to either of SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE.  In particular, SSL_read() or
	   SSL_peek() may want to write data and SSL_write() may want to read data.  This is mainly because TLS/SSL handshakes may occur at any
	   time during the protocol (initiated by either the client or the server); SSL_read(), SSL_peek(), and SSL_write() will handle any
	   pending handshakes.

       SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT
	   The operation did not complete; the same TLS/SSL I/O function should be called again later. The underlying BIO was not connected yet to
	   the peer and the call would block in connect()/accept(). The SSL function should be called again when the connection is established.
	   These messages can only appear with a BIO_s_connect() or BIO_s_accept() BIO, respectively.  In order to find out, when the connection
	   has been successfully established, on many platforms select() or poll() for writing on the socket file descriptor can be used.

       SSL_ERROR_WANT_X509_LOOKUP
	   The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again.  The
	   TLS/SSL I/O function should be called again later.  Details depend on the application.

       SSL_ERROR_SYSCALL
	   Some I/O error occurred.  The OpenSSL error queue may contain more information on the error.  If the error queue is empty (i.e.
	   ERR_get_error() returns 0), ret can be used to find out more about the error: If ret == 0, an EOF was observed that violates the
	   protocol.  If ret == -1, the underlying BIO reported an I/O error (for socket I/O on Unix systems, consult errno for details).

       SSL_ERROR_SSL
	   A failure in the SSL library occurred, usually a protocol error.  The OpenSSL error queue contains more information on the error.

SEE ALSO

       ssl(3), err(3)

HISTORY

       SSL_get_error() was added in SSLeay 0.8.

1.0.1e								    2013-02-11							  SSL_get_error(3)
All times are GMT -4. The time now is 10:58 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy