My guess is that you're getting a connection from a source that isn't attempting to start an ssl session and you have an SSL handshake timeout of 2 minutes. If this is an external facing application then it could be from a probe which is very common. These sort of connections come in and just hang there unless you've got a very short initial inactivity timeout. If I'm right and your handshake timeout is 2 minutes then that's excessive. Typical ssl handshakes are measured in milliseconds.

On 9/2/2015 9:35 PM, Steinmetz, Paul wrote:
What can cause an app using SSL to fail briefly for short window, 2 minutes?
We see SSL failure message in both the iSeries app log and the remote server log.

Remote server log
MessageProtocolFTCP2:Send status: false IOExceptionRead timed out

iSeries App log
Exception=communication error with gateway connection SystemException_1{#0,Key=null,ReturnCod

[02 04:04:52.029] ERROR MSMASYNC: msm_listener: 21: -->
+ failed to gsk_secure_soc_init on 8604, rc=415 error=Peer not recognized or bad
+ ly formatted message received., rejecting this non-SSL connection

02 04:06:50.949] ERROR MSMASYNC: msm_listener: 21: -->
failed to gsk_secure_soc_init on 8604, rc=415 error=Peer not recognized or bad
ly formatted message received., rejecting this non-SSL connection

If an SSL handshake doesn't compete in x amount of time, could this be the cause of the issue?
How long is X?
2 minutes?

Where or how would one start to try and troubleshoot this issue?

Thank You
_____
Paul Steinmetz
IBM i Systems Administrator

Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071

610-826-9117 work
610-826-9188 fax
610-349-0913 cell
610-377-6012 home

psteinmetz@xxxxxxxxxx
http://www.pencor.com/





This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].