[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ftpapi] Using HTTPAPI getting the error below



I bet you are right. I think for me it started a few weeks ago. So I wouldn’t be surprised if the “load balanced”/farm is being updated.

 

Michael Mayer-Oakes

Data Scientist

500 Crocker Drive. Vacaville, CA. 95688

Phone: 707-452-2868 | www.mariani.com

 

 

Celebrating over 100 years of being your Global Supplier of Dried Fruits and Snacks.

 

Please consider the environment before printing this email.

 

 

From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx <ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx> On Behalf Of Brad Stone
Sent: Thursday, June 18, 2020 10:45 AM
To: FTPAPI/HTTPAPI mailing list <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Ftpapi] Using HTTPAPI getting the error below

 

I wonder what the chances are that a few of the servers on their "farm" have different cipher suite lists.

 

I know a few years ago I had similar problems with Microsoft and their SMTP server farm.  When they updated their cert it took about 2 weeks for the new cert to "propagate" to the other servers, so sometimes they would get Not Trusted errors (because of a new cert) and other times they wouldn't.  It was very odd.



Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #19: The ability to turn off "Strict SSL" settings. This means no importing Certificate Authorities (CAs) unless you want to.

 

On Thu, Jun 18, 2020 at 11:18 AM Michael Mayer-Oakes <mmayer-oakes@xxxxxxxxxxx> wrote:

Hi Jens-

 

I am using a webservice offered by UPS but we might be having a similar issue. I am on V7R1 which is EOL but I see you are on V7R3, and I think that my issue comes down to that. Having said all that I a no expert on SSL, just lucky enough to find Scott’s open source work years ago and have been using at this and a previous employer.

 

I suspect you have a problem with supported protocols, Scott sent me this link, it is for V7R4 so you’ll need the previous O/S version

 

https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/apis/gsk_secure_soc_init.htm

 

Lastly the URL below has come in handy for me in the past. It scans a web site and returns various facts like protocols and certificates it supports. Very handy when looking at why I can’t connect to a site. Haven’t tried it with AWS, so not sure it will work but I’d give it a try if I were you.

 

https://www.immuniweb.com/ssl/

 

Good luck!

 

And thanks to Scott for all his open source work, and support,

Michael

 

 

From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx <ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx> On Behalf Of Ottersberg, Jens
Sent: Thursday, June 18, 2020 5:37 AM
To: FTPAPI/HTTPAPI mailing list <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Ftpapi] Using HTTPAPI getting the error below

 

Hello Scott and Michael,

 

I'm having a very similar error since middle of May when using Amazon MWS. Sometimes it works and sometimes it doesn't. Only Amazon MWS. Others work well.

I'm still waiting for a reply of our network guy, whether he can see something more.

 

Do you also use Amazon MWS Michael?

 

I'm using

HTTPAPI Ver 1.38 released 2017-10-09

NTLM Ver 1.4.0 released 2014-12-22

OS/400 Ver V7R3M0

 

My log looks like:

[...]

https_init(): entered

QSSLPCL = *OPSYS

SSL version 2 support disabled

SSL version 3 support disabled

Old interface to TLS version 1.0 support enabled

TLS version 1.0 support enabled

TLS version 1.1 support enabled

TLS version 1.2 support enabled

-------------------------------------------------------------------------------------

Dump of local-side certificate information:

-------------------------------------------------------------------------------------

Nagle's algorithm (TCP_NODELAY) disabled.

SNI hostname set to: mws.amazonservices.de

(GSKit) Peer not recognized or badly formatted message received.                                  

ssl_error(415): (GSKit) Peer not recognized or badly formatted message received.                  

SetError() #30: SSL Handshake: (GSKit) Peer not recognized or badly formatted message received.   

http_close(): entered

--
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi

-- 
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi