[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cannot get SSL working on 7.2



Hi folks,

Really no ideas?

I do not understand the problem. Here is what I fugured out so far:

a) HTTPAPI works fine up to and including version 1.25 (tested with 1.25beta2).
b) I always get a http 400 " Your browser sent a request that this server could not understand." error starting with 1.26.
c) Debugging 1.25, 1.26 and 1.32 revealed that all versions use TLS 1.2. At least gsk_attribute_get_enum(GSK_PROTOCOL_USED) returns 596 for all tested versions of HTTPAPI.

I attached some more log files from stripped down test programs based on Example16.

Regards,

Thomas.

-----Ursprüngliche Nachricht-----
Von: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] Im Auftrag von Thomas Raddatz
Gesendet: Dienstag, 4. Oktober 2016 09:18
An: ftpapi@xxxxxxxxxxxxxxxxxxxxxx
Betreff: Cannot get SSL working on 7.2

Hi,

I tried to update HTTPAPI from 1.24beta11 to 1.32, but I cannot get SSL connections to work.

The problem is that the server returns a http 400 error (Your browser sent a request that this server could not understand.) instead of a soap message. I already tried to enable everything from SSL v2 to TLS v1.2 as well as disabling the latest TLS versions 1.1 and 1.2. No success so far. I am stuck.

I am almost sure, that the server uses TLS v1.2, because that is what the certificate shows (Firefox SSL Info):

"Verbindung verschlüsselt (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128-Bit-Schlüssel, TLS 1.2)."

On the other hand I wonder how HTTPAPI 1.24 could establish a TLS 1.2 connection. We are on 7.2 and the relevant system values are set to:

QSSLPCL:                *OPSYS
QSSLCSLCTL:        *OPSYS
QSSLCSL:                lists 29 cipher suites

I am sure I am missing something obvious.

Your help is greatly appreciated.

Regards,

Thomas.
--
IMPORTANT NOTICE:
This email is confidential, may be legally privileged, and is for the intended recipient only. Access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and email confirmation to the sender.
--
IMPORTANT NOTICE:
This email is confidential, may be legally privileged, and is for the intended recipient only. Access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and email confirmation to the sender.

Attachment: Example16B_Error_1.26.log
Description: Example16B_Error_1.26.log

Attachment: Example16B_Error_1.32.log
Description: Example16B_Error_1.32.log

Attachment: Example16B_OK_1.25.log
Description: Example16B_OK_1.25.log

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------