Re: IBM SSL errors (was Re: PASE for i ended for signal 6, error code 1.) -- MIDRANGE-L

Good News Everybody!

The new search engine is LIVE!

Please report any problems to david (at) midrange.com.

Peter,

I don't think the problem you're experiencing is in GSKit. Rather, it is in the IBM crypto routines that both GSKit and the SSL APIs call. People have been reporting a plethora of problems with SSL in 7.1 since IBM added support for TLS 1.1 and 1.2.

There are far fewer complaints with 7.2/7.3, if that helps.

Node.js and most other PASE-based programs do not use the IBM crypto, but instead use the open source OpenSSL toolkit.

I could potentially write code in HTTPAPI to make it use OpenSSL as well, which would surely eliminate the problem. But, this would take a lot of my time, and I'm not sure it's worth it, since 7.2/7.3 work so much better.

As usual, though, Open Source software (OpenSSL) is much more robust and better supported than commercial (IBM crypto, GSKit, SSL APIs, etc).

-SK

On 11/21/2016 6:02 PM, Peter Connell wrote:

Thanks Scott,

No, we've not experienced any handshake problems at V7R1 on incoming HTTP requests to the Apache server.
Just outgoing via GSK apis. So I'm no wiser.

I didn't realize that IBM appears to support Node given that they now supply the folder /QOpenSys/QIBM/ProdData/Node
It appears that quite a simple node JS script can avoid the GSK errors. Just can't compile it into RPGLE like GSK.

Cheers, Peter

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.