[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ftpapi] ssl_error(410): (GSKit) Peer not recognized or badly formatted message received

Hi everybody,

Yesterday we were able to solve the problem with the function http_init (* blanks Off OFF ON OFF OFF) and the modification of the system value QSSLPCL (* TLSV1 * TLSV1.1).


Thanks to everyone for the tips as they were very helpful.

2017-10-27 12:24 GMT-03:00 Cynthia Marsellus <Cynthia.Marsellus@xxxxxx>:

Hi Everybody,

The website:  https://www.ssllabs.com/ssltest/index.html  provides  free online service that does a deep analysis of the configuration of any SSL web server on the public Internet. Please note that the information you submit here is used only to provide you the service.   I used  it recently  to get the cipher  

 Suite used.    

 

 

From: ftpapi-bounces@lists.scottklement.com [mailto:ftpapi-bounces@lists.scottklement.com] On Behalf Of Luciano Concilio
Sent: Thursday, October 26, 2017 3:25 PM
To: FTPAPI/HTTPAPI mailing list <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Ftpapi] ssl_error(410): (GSKit) Peer not recognized or badly formatted message received

 

Thank you very much for your prompt response.

We are inclined to this problem that you describe:

I've also received this error when connecting to a site where the SSL/TLS was a version that I didn't have on IBM i, or that iI had different ciphers configured than the site used.  In those cases, simply configuring the system to use newer versions and/or adding ciphers helped.


As we saw in the HTTPAPI_DEBUG.TXT of the AS400 operating version SSL = (Protocol Used: TLS Version 1). which is the same that we use to connect to the AS400 that gives error.
-Now how do we know which encryption server uses the one we want to connect to? can we find it in HTTPAPI_DEBUG.TXT?
-if we find out what encryption it uses as we change that of our AS400?

-Our question is why it works on the AS400 with V6R1 and does not do it on the AS400 with V7R2. Do you know if anything changed on the OS400?

Thank you

 

2017-10-26 15:42 GMT-03:00 Scott Klement <sk@xxxxxxxxxxxxxxxx>:

Hi Luciano,

HTTPAPI uses the SSL support that is built into the operating system.  In this case, the error "Peer not recognized or badly formed message..." means that it doesn't understand the SSL type/format of the system it's connecting to.

I've received this error when accidentally connecting to a non-SSL site with an https: URL.  Since the site wasn't talking SSL, the SSL routines got confused and complained that it was "badly formed".

I've also received this error when connecting to a site where the SSL/TLS was a version that I didn't have on IBM i, or that iI had different ciphers configured than the site used.  In those cases, simply configuring the system to use newer versions and/or adding ciphers helped.

-SK



On 10/26/2017 12:52 PM, Luciano Concilio wrote:

Hi everybody,

On the production server we have OS / 400 V6R1 and HTTPAPI (1.24) and WebService consumes without any problems.

On another server we update the OS / 400 to V7R2 with HTTPAPI (1.38) and we get the following error only when it is https: Peer not recognized or badly formatted message received

Apparently the connection is not established or the certificate can not be downloaded from the server to which I want to connect for some reason.

We have everything set up as the README.TXT says in the application.



there is a solution for this bag?

HTTPAPI_DEBUG.TXT:

HTTPAPI Ver 1.38 released 2017-10-09
NTLM Ver 1.4.0 released 2014-12-22
OS/400 Ver V7R2M0

https_init(): entered
SetError() 25: SSL environment was already initialized]
http_url_post(): entered
http_persist_open(): entered
http_long_ParseURL(): entered
DNS resolver retrans: 2
DNS resolver retry  : 2
DNS resolver options: x'00000136'
DNS default domain: GRIMALDIGRASSI.COM.AR <http://GRIMALDIGRASSI.COM.AR>
DNS server found: 10.0.0.3
DNS server found: 10.0.0.4
Nagle's algorithm (TCP_NODELAY) disabled.
SNI hostname set to: www.siogranos.com.ar <http://www.siogranos.com.ar>
(GSKit)Peer not recognized or badly formatted message received.
ssl_error(410): (GSKit) Peer not recognized or badly formatted message received.SetError() 30: SSL Handshake: (GSKit) Peer not recognized or badly formatted message received.

Thank you in advance.





--
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi



 

--

Luciano.

El mejor amigo del hombre es el perro y el mejor amigo del perro es otro perro.


--
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi




--
Luciano.

El mejor amigo del hombre es el perro y el mejor amigo del perro es otro perro.
-- 
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi