RE: Die 7.1 Die! Was: FW: gsk rc =415, GSK_ERROR_BAD

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

SHA-1 is considered obsolete. Should use SHA-2 or SHA-256. (Same thing just different names.)

Generally SHA-1 is due to an old CA that issued the new certificates.

Chris Bipes
Director of Information Services
CrossCheck, Inc.
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Bradley Stone
Sent: Wednesday, October 19, 2016 12:57 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: Re: Die 7.1 Die! Was: FW: gsk rc =415, GSK_ERROR_BAD_PEER woes

Interesting. Using GETURI (which uses the base SSL APIs) :

With valocity.co.nz I get RC(-23) which is easy enough to fix by importing
their CAs

For valocity-uat.co.nz I get RC(-10) which is SSL_ERROR_IO.

When I visit the latter with chrome and view the SSL info I get:
The connection to this site uses a strong protocol (TLS 1.2), a strong key
exchange (ECDHE_RSA), and an obsolete cipher (AES_256_CBC with HMAC-SHA1).

An "obsolete cipher"?

I got the same results after importing their CAs.

The main certificate (not the CAs) also expires in a few days (Oct 24,
2016).

Brad
www.bvstools.com

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.

RE: Die 7.1 Die! Was: FW: gsk rc =415, GSK_ERROR_BAD_PEER woes