SSL error

Anybody have any idea what the following error means? I get it on both of my systems regardless of my connection method (VPN and access private IP or forward through firewall.)

3078829816:error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error:s23_clnt.c:674:

Unfortunately, I don't know when it worked last... I do know that SSL still works for IBM System i Access for Windows, so it's not something completely broken on the server.

What I do know is my server certificate was renewed "recently' (September, I think). Also, I think I may have done something with the CA certificate. Also, we require client certificates, so I made a new one of those. I've exported all that and have pem files referenced in my .tn5250rc file. I also know my openssl was upgraded in August. I also applied cumulative PTFs and major groups since the last time I had it working.

What I don't know is what changed that caused the error. Is there something in openssl or tn5250 that is conflicting? Did a PTF change something in SSL on the server?

I've tried some things with the openssl client connection, but the results don't mean much to me. Any recommendations for troubleshooting?

$ tn5250 -ssl_verify_server myhost
3079489272:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:325:

So this implies to me that the first error is something about not trusting the server (since not verifying presents a different error.) Does this also mean my private key has a passphrase on it? (And clearly not something I've tried with ssl_pem_pass=PASSWORD)
--
Sean Porterfield

This email is confidential, intended only for the named recipient(s) above and may contain information that is privileged. If you have received this message in error or are not the named recipient(s), please notify the sender immediately and delete this email message from your computer as any and all unauthorized distribution or use of this message is strictly prohibited. Thank you.