[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Suggestions on missing config- Do we need to Crypto access product installed ?
I did that specifically because UPS sent me this email when i contacted
them regarding the error when i first encountered it.�
"Currently the production servers of Host are setup to only receive PLD
files that have SSLv3 enabled. So if the system being used does not
have SSLv3 enabled the communication would fail. This would also be a
possible reason as to why the connection is timing out. Our development
team is still working on the details about when and how the server will
be converted from SSLv3 only to TLS. Which at the moment we do not have
an ETA for when this will be completed. However the development (test)
servers have been converted to TLS connections only. So if you attempt
to transmit to the development site with SSLv3 only it would fail
because the servers are setup to refuse communication."
�
On Wed, Dec 24, 2014 at 1:21 PM, Scott Klement <[1]sk@xxxxxxxxxxxxxxxx>
wrote:
Krish,
Your call to https_init() will disable everything except SSLv3.
SSLv3 is very insecure -- this is not a good idea.� Why would you
do that??� When I connected to UPS, it was using TLS v1.0, which is
much more secure... I don't understand why you are forcing it to use
SSLv3?
GSKit is, as far as I know, part of the core operating system. But,
the Digital Certificate Manager which is used to manage SSL/TLS
certificates may be the cause of the problem, here... this has it's
own option.
On 12/23/2014 11:33 PM, Krish Thirumalai wrote:
� � The initial error i got was gsKit operation not supported by
SSL when i
� � had the application id defined as UPS and not blanks. I was
able to get
� � past that error with the blank application id.�
� � https_init(*blanks:*OFF:*ON:*OFF:*OFF:*OFF); �� �� �� � �
� � I just took your suggestion. I commented out the
SSL_Debug_cert_infp in
� � the COMMSSLR4 module, commssl_upgrade procedure and was able
to post
� � successfully to UPS and get a response back. I think it is
something in
� � the gsKit that is an issue. Do you happen to know which
licensed
� � program the gsKit is included with or is it now bundled with
the OS
� � from V7R2 ? I can have the sys admin reinstall and see if that
helps.
� � here is the rest of the debug log after i did that.
� �
-----------------------------------------------------------------------
This is the FTPAPI mailing list.� To unsubscribe, please go to:
[2]http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
References
1. mailto:sk@xxxxxxxxxxxxxxxx
2. http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------