[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ftpapi] just upgraded os from 7.3 to 7.4, sporadic "Peer not recognized or badly formatted message received"



I opened a ticket with IBM.

Sent them some comm traces, and they indicate that when this is failing, Server Name Indication (SNI) is turned on, but when it is working, SNI is off.

 

 

 

 

Gerald Magnuson | Senior System I Admin


The Knapheide Manufacturing Company
1848 Westphalia Strasse // P.O. Box 7140 // Quincy, IL // 62305-7140
P: 217-592-5291 //  F: 217-592-5046 // www.knapheide.com

Facebook LinkedIn Instagram Twitter YouTube

 

From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx <ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx> On Behalf Of Scott Klement
Sent: Tuesday, September 8, 2020 3:39 PM
To: ftpapi@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Ftpapi] just upgraded os from 7.3 to 7.4, sporadic "Peer not recognized or badly formatted message received"

 

Hello,

You can do HTTP_setDebugLevel(2) to get more detail, et al.

I don't think that'll be very helpful in this particular situation, however.  What's happening is that HTTPAPI is calling the IBM i routine named gsk_secure_soc_init().  This routine is what negotiates the TLS/SSL parameters with the remote HTTP server.  This is often referred to as "SSL handshaking".

The gsk_secure_soc_init() API is returning error code GSK_ERROR_BAD_PEER.  You can read more about the API and its error codes here:
https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/apis/gsk_secure_soc_init.htm

I don't see how adding timestamps or including more information about HTTPAPI's internals would be helpful considering that we know the error is occuring wthin an IBM API, and not inside HTTPAPI itself.  The error message is already telling you everything it knows:  The remote server sent a message that it cannot recognize.  It's basically one of three things:

1) Your system doesn't have the particular set of TLS/SSL parameters needed available.  (i.e. you aren't allowing the particular SSL version, ciphers, etc, that it wants to use.)

2) Something is causing the data to be corrupted / formatted wrong.

3) The remote server is not trying to speak TLS or SSL, but you are.

 

 

On 9/8/2020 2:46 PM, Gerald Magnuson wrote:

I am being asked about providing a deeper level of logging.

 

I only know about http_debug(*on : ‘filename.txt’);

 

Is there something that will output timestamps and more detail?

 

 

 

 

-- 
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi