[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Protocol TLS to SSLv3



Hi Scott,

I can indeed connect to sites by turning SSL off (using http:) without receiving any error messages, so according to your response I am passing the wrong port number.  I wasn't aware that I was passing a port number at all.
Below is a snip of my program that is causing the error:

URL = 'https://illinois.edu';
 // The IFS variable tells HTTPAPI where to put it on your local computer.
IFS = '/tmp/GroupId.txt';     
//*********************************************************       
// Now call HTTPAPI's "GET" routine.  Pass the above              
//  variables as parameters.  It'll download it to the IFS!       
//*********************************************************       
rc = http_url_get(URL: IFS);               
//********************************************************* 
//*  Error handling...                  
//********************************************************* 
// Check for Errors                      
if rc <> 1;                             
  http_crash();                         
  msg = http_error();                   
else;                                   
  msg = 'URL Get was successful!';      
endif;                                  
dsply msg;                              
msg = *blanks;        

Thanks for all your help!!
Sherry                  
                                                                                

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott Klement
Sent: Thursday, December 13, 2012 10:43 AM
To: HTTPAPI and FTPAPI Projects
Subject: Re: Protocol TLS to SSLv3

Hi Sherry,

HTTPAPI will work with SSLv3 out-of-the-box.  There is no need to set any special options, it will "just work".

The most common cause of the error message you've reported is when the HTTP server is using plain-text (non-SSL) communications, and HTTPAPI is 
using SSL.   In this case, HTTPAPI sends a request to negotiate SSL, and 
gets back a response of unencrypted HTTP traffic (which is not a valid SSL message, and therefore you get the "badly formatted message" error.

If I'm correct and this is happening to you:

1) Perhaps you are connecting to the wrong port?   HTTP requires 
separate ports for SSL and non-SSL connections.  Perhaps you've selected the non-SSL port by mistake?

2) Perhaps the server is misconfigured, and is using non-SSL communications on the SSL port?

3) Perhaps you have a proxy/firewall in place that is responding instead of the actual server?  In this case, HTTPAPI needs to be configured for your proxy with the http_setproxy() and http_proxy_setauth() routines as appropriate for your environment.

An easy way to determine if this is happening, is to turn off SSL in HTTPAPI by changing the URL to "http" instead of "https" and see if it works and you get back a response, while keeping the same port number.  
This will tell you that the server is indeed communicating in non-SSL, and may make it clear that you are passing the wrong port number.

If this is not the case, however -- then you will need to provide me with information about how to reproduce the problem.  If this problem is, indeed, a bug in HTTPAPI, I cannot fix it unless I can reproduce it on my own system.

-SK



On 12/12/2012 4:48 PM, Smith, Sherry K. wrote:
>     This is what I am trying to do:
>
>     I have a URL, that when called, simply produces a sequential number.
>     This number will be used as a `Group Id'.
>
>     My program will then take this group id number and associate a
>     tab-delimited file (that I upload) with it for further processing by
>     another business group in the organization.  The problem I am running
>     into is our ISeries is trying to use TLS protocol, and the website URL
>     I am trying to consume is using SSLv3.  The two are not playing nice
>     with each other, and I am getting the following message: `"SSL
>     Handshake: (GSKit) Peer not recognized or badly formatted message
>     received."
>
>     It appears COMMSSLR4 may have what I need to change the protocol, but I
>     have no idea how to use it.  Has anyone ran into this problem or can
>     give me some guidance on changing the ISeries protocol to SSLv3?
>
>
>     Thanks,
>
>     Sherry Smith
>
>
>
> ----------------------------------------------------------------------
> - This is the FTPAPI mailing list.  To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> ----------------------------------------------------------------------
> -

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------