Informix


Network encryption using GSSCSM and Informix

  • 1.  Network encryption using GSSCSM and Informix

    Posted Tue June 01, 2021 01:42 AM
    Hi group

    Does anybody have experience with using Informix network encryption?
    I successfully implemented encryption using GSSCSM and the default cipher arcfour-hmac

    concsm.config on server
    GSSCSM("/informix/lib/csm/libixgss.so", "","c=1,i=1")
    Concsm.config on client
    GSSCSM("C:\Program Files\IBM Informix ClientSDK\lib\client\csm\igsss11a.dll", "", "c=1,i=1")

    As arcfour-hmac is weak and no longer supported on the OS release, I need to switch to AES256-SHA1 encryption.
    According to the documentation the concsm file should look like:

    Concsm.config on server
    GSSCSM("/informix/lib/csm/libixgss.so", " cipher[AES256-SHA1]", "c=1,i=1")
    Concsm.config on client
    GSSCSM("C:\Program Files\IBM Informix Client SDK\lib\client\csm\igsss11a.dll", "cipher[AES256-SHA1]", "c=1,i=1")

    but now I cannot connect to Informix and the server only throws the messages:

    listener-thread: err = -5000: oserr = 0: CSM error: gss_accept_sec_context: Unspecified GSS failure. Minor code may provide more information Unknown error


    Any idea what may be wrong here?

    Thanks for any hints

    Rainer

    ------------------------------
    Rainer von Bongartz
    ------------------------------


  • 2.  RE: Network encryption using GSSCSM and Informix

    Posted Tue June 01, 2021 08:53 AM
    Just this from the TFM - maybe raise a PMR and double check it should work

    A CSM (Communications Support Module), in the database server or in the client, detected an error.

    This error code is a general CSM error code. It can be used by individual CSMs to reflect different error conditions. The text provides clues about the possible cause of the error.

    If the confidentiality option is enabled for a particular CSM, you might see the following example of this error code: "CSM error: CSM: received message of unexpected type." This implies that the CSM on the user's side (either database server side or client application side) cannot interpret the messages it receives. Make sure that the confidentiality option is set for both the database server and the client application.

    Check your sqlhosts file and CSS configuration file. Check the error message on the other side (either database server side or client application side) for more clues about the possible cause of the error.

    Also make sure that the CSM you are using is supported by the database server or the client SDK. If the problem persists, contact IBM Informix Technical Support or the CSM vendor. Have the following information available: CSS configuration files and sqlhosts information for both the client and the database server.


    Paul Watson
    Oninit LLC
    +1-913-387-7529
    www.oninit.com
    Oninit®️ is a registered trademark of Oninit LLC
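
The manual text quoted above says to make sure the CSM options match on both sides. The following is an added example, not code from either poster or from IBM, that parses the two AES256-SHA1 entries exactly as posted and lists every difference between them. The entry grammar is assumed from the lines shown in the thread, and whether Informix tolerates whitespace inside the option string is not stated here, so that finding is only something to rule out.

```python
import re

# Entry shape assumed from the thread:
#   GSSCSM("library path", "global options", "connection options")
ENTRY = re.compile(r'^\s*(\w+)\(\s*"([^"]*)"\s*,\s*"([^"]*)"\s*,\s*"([^"]*)"\s*\)\s*$')

def parse_entry(line):
    """Return the fields of one CSM entry, or raise ValueError."""
    m = ENTRY.match(line)
    if not m:
        raise ValueError("not a CSM entry: %r" % line)
    name, library, global_opts, conn_opts = m.groups()
    # Connection options are comma-separated key=value pairs, e.g. c=1,i=1.
    conn = {}
    for item in conn_opts.split(","):
        if item.strip():
            key, _, value = item.partition("=")
            conn[key.strip()] = value.strip()
    return {"name": name, "library": library,
            "global_raw": global_opts, "global": global_opts.strip(), "conn": conn}

def compare(server_line, client_line):
    """List the differences between the server and client entries."""
    srv, cli = parse_entry(server_line), parse_entry(client_line)
    findings = []
    if srv["name"] != cli["name"]:
        findings.append("CSM name differs: %s vs %s" % (srv["name"], cli["name"]))
    if srv["global"] != cli["global"]:
        findings.append("global options differ: %r vs %r" % (srv["global"], cli["global"]))
    for side, entry in (("server", srv), ("client", cli)):
        if entry["global_raw"] != entry["global"]:
            findings.append("%s global options have surrounding whitespace: %r"
                            % (side, entry["global_raw"]))
    for key in sorted(set(srv["conn"]) | set(cli["conn"])):
        if srv["conn"].get(key) != cli["conn"].get(key):
            findings.append("connection option %s differs: %r vs %r"
                            % (key, srv["conn"].get(key), cli["conn"].get(key)))
    return findings

# The two AES256-SHA1 entries exactly as posted in the thread.
SERVER = 'GSSCSM("/informix/lib/csm/libixgss.so", " cipher[AES256-SHA1]", "c=1,i=1")'
CLIENT = ('GSSCSM("C:\\Program Files\\IBM Informix Client SDK\\lib\\client\\csm\\igsss11a.dll", '
          '"cipher[AES256-SHA1]", "c=1,i=1")')

if __name__ == "__main__":
    for finding in compare(SERVER, CLIENT) or ["no differences found"]:
        print(finding)
```

This is a syntactic comparison only; it does not check that the cipher is one the Kerberos libraries on either host accept.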