
Re: Difference Version 1.24 and 1.32



Alexander,

In version 1.26 and later, I changed HTTPAPI so that SSL version 3 is disabled by default. This was done because major security vulnerabilities were found in that version of the protocol, and security experts were warning that continued use of SSLv3 was not safe.

Could this be the problem?  Does the site you're accessing require SSLv3?

If so, you can tell HTTPAPI to use SSLv3 by calling https_init() before using SSL in your program. For example:

https_init(*blanks: *OFF: *ON: *ON: *ON: *ON);

The 3rd parameter (the first *ON in the example above) controls whether SSLv3 is enabled. By default this is *OFF.

Good luck!


On 9/1/2016 7:45 AM, Alexander Grünwald wrote:
    Hello !!

    I am actually struggling with proxy access and tried to use a later
    version 1.32 instead of the 1.24 I am still using in production. Using
    the same program and access with version 1.24 works fine (see debug log
    below):


    HTTPAPI Ver 1.24 released 2012-01-23

    OS/400 Ver V7R1M0


    New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0

    http_setauth(): entered

    https_init(): entered

    -----------------------------------------------------------------------
    --------------

    Dump of local-side certificate information:

    -----------------------------------------------------------------------
    --------------

    http_url_post(): entered

    http_persist_open(): entered

    http_long_ParseURL(): entered

    DNS resolver retrans: 2

    DNS resolver retry  : 2

    DNS resolver options: x'00000136'

    DNS default domain: eb.lan.at

    DNS server found: 10.3.42.1

    DNS server found: 10.3.42.2

    -----------------------------------------------------------------------
    --------------

    Dump of server-side certificate information:

    -----------------------------------------------------------------------
    --------------

    Cert Validation Code = 0

    -----BEGIN CERTIFICATE-----

    ....

    -----END CERTIFICATE-----

    Serial Number: 41:C2:BA:71:14:31:28:E4:16:34:1B:64:23:2A:44:42

    Common Name: secure.armstrongconsulting.com

    Org: Domain Validated, OU=Thawte SSL123 certificate, OU=Go to
    https://www.thawte.com/repository/index.html

    Issuer CN: Thawte DV SSL CA

    Issuer Country: US

    Issuer Org: Thawte, Inc.

    Issuer Org Unit: Domain Validated SSL

    Version: 3

    not before: 20140505020000

    Unknown Field: 02:00:00 05-05-2014

    not after: 20170508015959

    Unknown Field: 01:59:59 08-05-2017

    pub key alg: 1.2.840.113549.1.1.5


    Protocol Used: TLS Version 1

    http_persist_post(): entered

    http_persist_req(POST) entered.

    http_long_ParseURL(): entered

    do_oper(POST): entered

    There are 0 cookies in the cache

    POST /cofaserve/api/webservices/test/V2/insurancePortfolio HTTP/1.1

    Host: app-proxy.eb.lan.at:10071

    User-Agent: SOAP Toolkit 3.0

    Content-Type: text/xml; charset="UTF-8"

    SOAPAction:
    https://cofaserve.coface.com/insuranceProducts/V1/companySearch

    Content-Length: 812

    Authorization: Basic Q0cxNjAxMzA6Nzc4OTEy



    senddoc(): entered

    .....


    recvresp(): entered

    HTTP/1.1 200 OK

    Date: Thu, 01 Sep 2016 12:44:08 GMT

    Server: Werkzeug/0.11.4 Python/2.7.11

    Content-Type: text/xml; charset=utf-8

    Content-Length: 1417

    Via: 1.1 secure.armstrongconsulting.com:10071

    Vary: Accept-Encoding



    SetError() #13: HTTP/1.1 200 OK

    recvresp(): end with 200

    recvdoc parms: identity 1417

    header_load_cookies() entered

    recvdoc(): entered

    SetError() #0:

    ....


    http_close(): entered


    Only changing the library to version 1.32 (changing my BndDir statement
    and the /copy modules) doesn't work. What might be the difference that
    leads to this ?:


    HTTPAPI Ver 1.32 released 2016-02-10

    NTLM Ver 1.4.0 released 2014-12-22

    OS/400 Ver V7R1M0


    New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0

    http_setauth(): entered

    https_init(): entered

    QSSLPCL = *OPSYS

    SSL version 2 support disabled

    SSL version 3 support disabled

    Old interface to TLS version 1.0 support enabled

    TLS version 1.0 support enabled

    TLS version 1.1 support enabled

    TLS version 1.2 support enabled

    -----------------------------------------------------------------------
    --------------

    Dump of local-side certificate information:

    -----------------------------------------------------------------------
    --------------

    http_url_post(): entered

    http_persist_open(): entered

    http_long_ParseURL(): entered

    DNS resolver retrans: 2

    DNS resolver retry  : 2

    DNS resolver options: x'00000136'

    DNS default domain: eb.lan.at

    DNS server found: 10.3.42.1

    DNS server found: 10.3.42.2

    Nagle's algorithm (TCP_NODELAY) disabled.

    SNI hostname set to: app-proxy.eb.lan.at

    (GSKit) Peer hat empfangene Nachricht nicht erkannt oder falsch
    formatiert.

    ssl_error(415): (GSKit) Peer hat empfangene Nachricht nicht erkannt
    oder falsch formatiert.

    SetError() #30: SSL Handshake: (GSKit) Peer hat empfangene Nachricht
    nicht erkannt oder falsch f


    Just translating: "(GSKit) Peer not recognized or badly formatted
    message received"


    Thanks a lot for the support.


    Mit freundlichen Grüßen/Best regards Mag. Alexander Grünwald


    Managing Director/Project Management

    SOB Datenverarbeitungsges.m.b.H.

    Albrechtstraße 60/9

    A-3400 Klosterneuburg


    Tel. +43/2243/37201

    Fax. +43/2243/37201/5

    Mail: [1]alexander.gruenwald@xxxxxxxxxxx

References

    1. mailto:alexander.gruenwald@xxxxxxxxxxx



-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
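
An added example, not part of the original messages or of HTTPAPI itself: a small Python check that reads HTTPAPI debug logs like the two quoted above and reports which protocol versions were enabled, which one was negotiated, and any ssl_error code, so the protocol a working session really used can be confirmed before SSLv3 is re-enabled through https_init(). The log excerpts are constructed from lines in the thread; the function names, and the assumption that an SSL session would be logged as "Protocol Used: SSL ...", are assumptions.

```python
import re

# Constructed excerpts, modelled on the two debug logs quoted in the thread.
LOG_124 = """HTTPAPI Ver 1.24 released 2012-01-23
https_init(): entered
Protocol Used: TLS Version 1
recvresp(): end with 200
"""
LOG_132 = """HTTPAPI Ver 1.32 released 2016-02-10
SSL version 2 support disabled
SSL version 3 support disabled
Old interface to TLS version 1.0 support enabled
TLS version 1.0 support enabled
TLS version 1.1 support enabled
TLS version 1.2 support enabled
ssl_error(415): (GSKit) Peer hat empfangene Nachricht nicht erkannt
SetError() #30: SSL Handshake: (GSKit) Peer hat empfangene Nachricht
"""

VERSION = re.compile(r"^\s*HTTPAPI Ver (\S+)")
SUPPORT = re.compile(r"^\s*(SSL|TLS) version (\S+) support (enabled|disabled)\s*$")
USED = re.compile(r"^\s*Protocol Used:\s*(.+?)\s*$")
SSL_ERR = re.compile(r"^\s*ssl_error\((\d+)\)")


def audit(log_text):
    """Collect the TLS-relevant facts from one HTTPAPI debug log."""
    out = {"version": None, "enabled": [], "disabled": [],
           "negotiated": None, "ssl_error": None}
    for line in log_text.splitlines():
        if m := VERSION.match(line):
            out["version"] = m.group(1)
        elif m := SUPPORT.match(line):
            # e.g. "SSL version 3 support disabled" -> disabled: ["SSLv3"]
            out[m.group(3)].append(f"{m.group(1)}v{m.group(2)}")
        elif m := USED.match(line):
            out["negotiated"] = m.group(1)
        elif m := SSL_ERR.match(line):
            out["ssl_error"] = int(m.group(1))
    return out


def working_run_used_ssl(working_log):
    """True only if the working session negotiated an SSL (not TLS) protocol.

    Assumption: HTTPAPI would label such a session "Protocol Used: SSL ...".
    """
    negotiated = audit(working_log)["negotiated"] or ""
    return negotiated.upper().startswith("SSL")
```

A working log that already shows a TLS protocol means the server accepted TLS, so SSLv3 can stay disabled while the other differences between the two logs are checked.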

