When attempting to connect a Remote Outqueue to an LPD Listener on an SLES 15 server, we are getting an error message indicating:
"Unable to encrypt connection: An unexpected TLS packet was received."

This is what they have configured for the LPD Listener:
#MWI LPD
# Enable LPD protocol
Listen 515
Listen /var/run/cups/cups.sock
DefaultEncryption IfRequested
#DefaultEncryption Never
#DefaultEncryption Required
#Encryption IfRequested
SSLOptions MinTLS1.0
SSLPort 515
SSLListen *:515

-----------------------------

We did ensure we have certificates installed correctly on our system, provided by them.

Is there a step-by-step for establishing this type of connection?

Ultimately, once received, we want to be able to redirect the received document to an alternate path, which we have a script prepared for, but first it needs to be received.

Thank you,

Randy Stevenson
MWI Animal Health

I did notice while looking at the certificates that we loaded, that none of them are 'assigned' to anything. What would we assign them to in order for the Remote Outqueue connection to the LPD Listener on port 515 to utilize one or more of them?

When attempting to connect a Remote Outqueue to an LPD Listener on an SLES 15 server, we are getting an error message indicating:
"Unable to encrypt connection: An unexpected TLS packet was received."

This is what they have configured for the LPD Listener:
#MWI LPD
# Enable LPD protocol
Listen 515
Listen /var/run/cups/cups.sock
DefaultEncryption IfRequested
#DefaultEncryption Never
#DefaultEncryption Required
#Encryption IfRequested
SSLOptions MinTLS1.0
SSLPort 515
SSLListen *:515

-----------------------------

We did ensure we have certificates installed correctly on our system, provided by them.

Is there a step-by-step for establishing this type of connection?

Ultimately, once received, we want to be able to redirect the received document to an alternate path, which we have a script prepared for, but first it needs to be received.

Thank you,

Randy Stevenson
MWI Animal Health

Dear Randy

>>>> I did notice while looking at the certificates that we loaded, that none of them are 'assigned' to anything.  <<<<

I assume your statement above is about IBM i side.   When you do a TLS connection, the mandatory TLS operation is for the server side (SLES for your case as it runs LPD) to do TLS server authentication and this has to do with using a digital certificate (stored in the server side) that is created in the server side itself (self-signed certificate) or from outside trusted CA (you did not state clearly which one you use:  We did ensure we have certificates installed correctly on our system, provided by them. ).   

After server authentication, there is an optional step of TLS client authentication which I see that it is not used much in my customers. But if you are actually using client authentication, you can try not using it to see if the problem goes away or not.  In this case, you need NO certificate on TLS client side (IBM i in your case). 

------------------------------
Satid S

Original Message:
Sent: Wed October 23, 2024 02:24 PM
From: Randy Stevenson
Subject: Unable to encrypt connection - Connecting iSeries 7.3 Remote Outq to LPD Listener on SLES 15

I did notice while looking at the certificates that we loaded, that none of them are 'assigned' to anything. What would we assign them to in order for the Remote Outqueue connection to the LPD Listener on port 515 to utilize one or more of them?

------------------------------
Randy Stevenson

Original Message:
Sent: Wed October 23, 2024 01:39 PM
From: Randy Stevenson
Subject: Unable to encrypt connection - Connecting iSeries 7.3 Remote Outq to LPD Listener on SLES 15

When attempting to connect a Remote Outqueue to an LPD Listener on an SLES 15 server, we are getting an error message indicating:
"Unable to encrypt connection: An unexpected TLS packet was received."

This is what they have configured for the LPD Listener:
#MWI LPD
# Enable LPD protocol
Listen 515
Listen /var/run/cups/cups.sock
DefaultEncryption IfRequested
#DefaultEncryption Never
#DefaultEncryption Required
#Encryption IfRequested
SSLOptions MinTLS1.0
SSLPort 515
SSLListen *:515

-----------------------------

We did ensure we have certificates installed correctly on our system, provided by them.

Is there a step-by-step for establishing this type of connection?

Ultimately, once received, we want to be able to redirect the received document to an alternate path, which we have a script prepared for, but first it needs to be received.

Thank you,

Randy Stevenson
MWI Animal Health

------------------------------
Randy Stevenson
------------------------------