[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Protocol TLS to SSLv3

From: Scott Klement <sk@xxxxxxxxxxxxxxxx>
To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Protocol TLS to SSLv3
Date: Thu, 13 Dec 2012 10:43:25 -0600

   Hi Sherry,
   HTTPAPI will work with SSLv3 out-of-the-box.  There is no need to set
   any special options, it will "just work".
   The most common cause of the error message you've reported is when the
   HTTP server is using plain-text (non-SSL) communications, and HTTPAPI
   is using SSL.   In this case, HTTPAPI sends a request to negotiate SSL,
   and gets back a response of unencrypted HTTP traffic (which is not a
   valid SSL message, and therefore you get the "badly formatted message"
   error.
   If I'm correct and this is happening to you:
   1) Perhaps you are connecting to the wrong port?   HTTP requires
   separate ports for SSL and non-SSL connections.  Perhaps you've
   selected the non-SSL port by mistake?
   2) Perhaps the server is misconfigured, and is using non-SSL
   communications on the SSL port?
   3) Perhaps you have a proxy/firewall in place that is responding
   instead of the actual server?  In this case, HTTPAPI needs to be
   configured for your proxy with the http_setproxy() and
   http_proxy_setauth() routines as appropriate for your environment.
   An easy way to determine if this is happening, is to turn off SSL in
   HTTPAPI by changing the URL to "http" instead of "https" and see if it
   works and you get back a response, while keeping the same port number.
   This will tell you that the server is indeed communicating in non-SSL,
   and may make it clear that you are passing the wrong port number.
   If this is not the case, however -- then you will need to provide me
   with information about how to reproduce the problem.  If this problem
   is, indeed, a bug in HTTPAPI, I cannot fix it unless I can reproduce it
   on my own system.
   -SK

   On 12/12/2012 4:48 PM, Smith, Sherry K. wrote:

   This is what I am trying to do:

   I have a URL, that when called, simply produces a sequential number.
   This number will be used as a `Group Id'.

   My program will then take this group id number and associate a
   tab-delimited file (that I upload) with it for further processing by
   another business group in the organization.  The problem I am running
   into is our ISeries is trying to use TLS protocol, and the website URL
   I am trying to consume is using SSLv3.  The two are not playing nice
   with each other, and I am getting the following message: `"SSL
   Handshake: (GSKit) Peer not recognized or badly formatted message
   received."

   It appears COMMSSLR4 may have what I need to change the protocol, but I
   have no idea how to use it.  Has anyone ran into this problem or can
   give me some guidance on changing the ISeries protocol to SSLv3?


   Thanks,

   Sherry Smith


-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
[1]http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

References

   1. http://www.scottklement.com/mailman/listinfo/ftpapi

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

Follow-Ups:
- RE: Protocol TLS to SSLv3
  - From: Smith, Sherry K.

References:
- Protocol TLS to SSLv3
  - From: Smith, Sherry K.

Prev by Date: RE: http_debug_file and http_XmlStripCRLF not working?
Next by Date: RE: RE: How can i get XML result after execution of 'http_url_post_xml'
Previous by thread: Protocol TLS to SSLv3
Next by thread: RE: Protocol TLS to SSLv3
Index(es):
- Date
- Thread