× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 1998

Re: SSL Handshake with Microsoft Internet Explorer

  • Subject: Re: SSL Handshake with Microsoft Internet Explorer
  • From: Mark Bauman <mlbauman@xxxxxxxxxxxx>
  • Date: Sun, 1 Nov 1998 17:27:49 -0600 (CST)
  • In-Reply-To: <199810221954.PAA06010@welcome.ouac.on.ca>
 
Peter, 

Excerpts from mail: 22-Oct-98 SSL Handshake with Microsof.. "Peter
Schaefer"@netserv (1716*) 

> We have setup SSL on our AS/400; first with a self-signed  
> certificate.  Later we removed the self-signed certificate, and added  
> a Verisign certificate. 

> The Verisign certificate seems to work well with both the 40-bit and  
> 128-bit encryption versions of Netscape. 

> However, we get SSL handshake errors when trying to connect to  
> the AS/400 using Microsoft Internet Explorer. 

> So we created a new server instance.  We pointed the new server  
> instance at the key ring with the Verisign certificate.  But we still  
> get the handshake errors with MS Internet Explorer. 

> We've tried diddling with the "Advanced" portion of Internet  
> Explorer's "Internet Options."  Still no luck. 

> Has anyone seen this problem?  Have you found a way around it? 

> Thanks in advance. 

This is a microsoft problem that we have been trying to get them to
"own" for about 6-8 weeks now.  

The problem is that the SSL V3.0 implementation provided as part of IE
4.x is broken.  We have seen 2 distinct problems with IE 4.x SSL based
on traces we have analyzed.  The first is that IE 4.x SSL will
arbitrarily break the TCP level connection during the handshake.  We
have no idea why this is happening since AS/400 SSL V3.0 is a standard
compliant implementation and it works with all other browsers (including
IE 3.x).  The second problem is that IE 4.x will send non-encrypted data
to the secure port of an HTTP server, which will be rejected by the
AS/400 SSL server code (and rightfully so, since it is expecting an SSL
handshake client hello message). 

 We have done everything we can to get MS to respond but the responses
have been nonexistent at worst or noninformative at best.  We are
continuing to press this issue with MS and hope to eventually get a
resolution from them.   

If you want to help, the best thing to do is to open a problem report
with Microsoft support.   


Mark L Bauman 
AS/400 Software Communications Development 
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.