Hello,
First of all, I would highly recommend that you update to the current version of HTTPAPI. I've made a few updates related to IBM's SSL updates from V7R3 and V7R4. They may help. This should be the first thing you try to fix the problem.
If that doesn't work, then consider trying what IBM asks. If it fails with a timeout, try calling it again. Put a limit on it (maybe try calling 5-10 times, but then give up)... but do try again.
Good Luck!
-SK
Hello,I am seeing SSL handshake issues after IBMi OS 7.4 upgrade. We reached out to IBM and they are asking me to change the client application code to add retry logic. Below is the link they sent us after analyzing the network logs.
Anyone came across a similar issue? For now I changed the QSSCPCL system value to TLS 1.2 to get it to work temporarily.
P.S:- I removed some identifiable information from the log and that is intentionalHTTPAPI Ver 1.39 released 2018-03-09
NTLM Ver 1.4.0 released 2014-12-22
OS/400 Ver V7R3M0
http_url_postWs(): entered
http_persist_openws(): entered
http_long_ParseURLWs(): entered
DNS resolver retrans: 2
DNS resolver retry : 2
DNS resolver options: x'00000136'
DNS default domain: xy.com
DNS server found: 99.144.64.109
DNS server found: 99.236.64.109
https_initws(): entered
QSSLPCL = *OPSYS
SSL version 2 support disabled
SSL version 3 support disabled
Old interface to TLS version 1.0 support enabledOld interface to TLS version 1.0 support enabled
TLS version 1.0 support enabled
TLS version 1.1 support enabled
TLS version 1.2 support enabled
-------------------------------------------------------------------------------------
Dump of local-side certificate information:
-------------------------------------------------------------------------------------
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Serial Number: 79:00:00:00:B3:C9:7A:B5:0E:16:35:29:8D:00:00:00:00:00:B3
Common Name: dir6wms
Country: US
State/Province:
Locality:
Org Unit: XXX
Org: XXX
Issuer CN: ABC.XYZ.com Issuing CA
Version: 3
not before: 20200317134408
Unknown Field: 13:44:08 17-03-2020
not after: 20250316134408
Unknown Field: 13:44:08 16-03-2025Unknown Field: 13:44:08 16-03-2025
pub key alg: 1.2.840.113549.1.1.1
signature algorithm: 1.2.840.113549.1.1.11
Unknown Field: 0382010F003082010A0282010100B1AE3605486AD835E9CE4980B54E0FC44C041B37F28AA479BE124E4A19CE7520B4D6
Unknown Field: 2048
Unknown Field: 2D0E718293505D912F1DDEA174FC26A9
Unknown Field: 1.2.840.113549.2.5
Unknown Field: F42A509C83C60B5B428E42CBE929DD7BA7C9CDCB
Unknown Field: 7CE4775D38D3451FE0DAE34AA308DFCA4103B2D2D4289B1F1B0305E922F15783
Unknown Field: 5
Unknown Field: abc.xyz.com
Unknown Field: eocadm@xxxxxxx
Unknown Field: 1.3.6.1.5.5.7.3.1
Unknown Field: 1.3.6.1.5.5.7.3.2
Unknown Field: http://crl.st.com/S001.abc.com%20Issuing%20CA.crt
Nagle's algorithm (TCP_NODELAY) disabled.
SNI hostname set to: TEST.ABC.comSetErrorWs() #32: Time out during SSL handshake
--
--/Panduranga Nayak
-- _______________________________________________ Ftpapi mailing list Ftpapi@xxxxxxxxxxxxxxxxxxxxxx http://scottklement.com/mailman/listinfo/ftpapi