--You may be running into issues with old weak ciphers.
I ran their main site through ssllabs, and this is what I get for available ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA256 ( 0x3c
) WEAK128 TLS_RSA_WITH_AES_128_CBC_SHA ( 0x2f
) WEAK128 TLS_RSA_WITH_AES_256_CBC_SHA256 ( 0x3d
) WEAK256 TLS_RSA_WITH_AES_256_CBC_SHA ( 0x35
) WEAK256 TLS_RSA_WITH_RC4_128_SHA ( 0x5
) INSECURE128 TLS_RSA_WITH_3DES_EDE_CBC_SHA ( 0xa
) WEAK112 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ( 0xc027
) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ( 0xc013
) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ( 0xc014
) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK256 TLS_RSA_WITH_RC4_128_MD5 ( 0x4
) INSECUREYou may need to enable an old weak cipher to get it to talk.
On Thu, 2020-08-20 at 09:28 -0300, Luciano Concilio wrote:Thanks Scott for your reply. I've already updated the HTTPAPI to 1.41 and it keeps giving the same error.
Debug:************Principio de datos*************SSL version 3 support disabled
HTTPAPI Ver 1.41 released 2020-06-05
NTLM Ver 1.4.0 released 2014-12-22
OS/400 Ver V7R4M0
New iconv() objects set, PostRem=1208. PostLoc=0. ProtRem=819. ProtLoc=0
http_url_post(): entered
http_persist_open(): entered
http_long_ParseURL(): entered
DNS resolver retrans: 2
DNS resolver retry : 2
DNS resolver options: x'00000136'
DNS default domain: xxxxxxxxxxxxxxxxxx
DNS server found: 10.0.0.3
DNS server found: 10.0.0.4
https_init(): entered
QSSLPCL = *TLSV1 *TLSV1.1 *TLSV1.2
SSL version 2 support disabled
SSL version 3 support disabled
Old interface to TLS version 1.0 support enabled
TLS version 1.0 support enabled
TLS version 1.1 support enabled
TLS version 1.2 support enabled
initializing GSK environment
GSK Environment now available
-------------------------------------------------------------------------------------
Dump of local-side certificate information:
-------------------------------------------------------------------------------------
Nagle's algorithm (TCP_NODELAY) disabled.
SNI hostname set to: services.confirma.com.ar
(GSKit) I/O: A connection with a remote socket was reset by that socket.ssl_error(406): (GSKit) I/O: A connection with a remote socket was reset by that socket.SetError() #30: SSL Handshake: (GSKit) I/O: A connection with a remote socket was reset by that************Fin de datos*******************
Any suggestion
Thank you!!
El mié., 19 ago. 2020 a las 15:30, Scott Klement (<sk@xxxxxxxxxxxxxxxx>) escribió:
--Hello Luciano,
Have you tried this with the current version of HTTPAPI? IBM made some big changes to SSL in 7.4 which required some updates to HTTPAPI. You are using a version of HTTPAPI that is nearly 3 years out of date.
-SK
On 8/19/2020 8:57 AM, Luciano Concilio wrote:
Hi,
We have 2 virtual machines, one with OS version 7.2 and the other with OS version 7.4.
http api works perfect in 7.2 but in version 7.4 for the same webservice it gives us the following error:
debug:************Principio de datos*************
HTTPAPI Ver 1.38 released 2017-10-09
NTLM Ver 1.4.0 released 2014-12-22
OS/400 Ver V7R4M0
New iconv() objects set, PostRem=1208. PostLoc=0. ProtRem=819. ProtLoc=0
https_init(): entered
QSSLPCL = *TLSV1 *TLSV1.1 *TLSV1.2
SSL version 2 support disabled
SSL version 3 support disabled
Old interface to TLS version 1.0 support enabled
TLS version 1.0 support enabled
TLS version 1.1 support enabled
TLS version 1.2 support enabled
-------------------------------------------------------------------------------------
Dump of local-side certificate information:
-------------------------------------------------------------------------------------
http_url_post(): entered
http_persist_open(): entered
http_persist_open(): entered
http_long_ParseURL(): entered
DNS resolver retrans: 2
DNS resolver retry : 2
DNS resolver options: x'00000136'
DNS default domain: GRIMALDIGRASSI.COM.AR
DNS server found: 10.0.0.3
DNS server found: 10.0.0.4
Nagle's algorithm (TCP_NODELAY) disabled.
SNI hostname set to: services.confirma.com.ar
(GSKit) I/O: Una conexión con un socket remoto la ha restablecido ese socket.
ssl_error(406): (GSKit) I/O: Una conexión con un socket remoto la ha restablecido ese socket.
SetError() Ñ30: SSL Handshake: (GSKit) I/O: Una conexión con un socket remoto la ha restablecido
Could you guide us in what we can test to make it work?
Libre de virus. www.avg.com
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi
Kevin Bucknum
Senior Programmer Analyst
MEDDATA / MEDTRON
120 Innwood Drive
Covington LA 70433
Local: 985-893-2550
Toll Free: 877-893-2550
https://www.medtronsoftware.com
CONFIDENTIALITY NOTICE
This document and any accompanying this email transmission contain confidential information, belonging to the sender that is legally privileged. This information is intended only for the use of the individual or entity named above. The authorized recipient of this information is prohibited from disclosing this information to any other party and is required to destroy the information after its stated need has been fulfilled. If you are not the intended recipient, or the employee of agent responsible to deliver it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or action taken in reliance on the contents of these documents is STRICTLY PROHIBITED. If you have received this email in error, please notify the sender immediately to arrange for return or destruction of these documents.
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi
-- _______________________________________________ Ftpapi mailing list Ftpapi@xxxxxxxxxxxxxxxxxxxxxx http://scottklement.com/mailman/listinfo/ftpapi