× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



​Can you compare a trace between HTTPAPI and GETURI?​

Any differences jump out at you?

Charles

On Tue, Oct 31, 2017 at 2:39 PM, Krill, Coy <CKrill@xxxxxxxxxxx> wrote:

Correct, 13.33.164.82 is not at avalara, it's part of Amazon Cloudfront,
which is Amazons CDN (content distribution network). developer.avalara.com
will be using the same cert for all their IPs, however, there will be
another cert for amazon. It's possible that something is choking on the
cert change when the information is loading from avalara but redirects you
to amazon to pickup some "content".

Coy Krill
Core Processing Administrator/Analyst
Washington Trust Bank


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Bradley Stone
Sent: 2017 October 31 13:19
To: Midrange Systems Technical Discussion
Subject: Re: SSL Error (SSL_ERROR_NO_CIPHERS) Question
Importance: Low

I don't quite follow. The IP in the logs was 13.33.164.82, but that no
longer shows up for developer.alalara.com when I enter that in the SSL
decoder page.

It tells me:

Multiple endpoints for developer.avalara.com

We've found multiple A or AAAA records for developer.avalara.com. Please
choose the host you want to scan from the list below:
13.32.153.5 (port: 443)
13.32.153.15 (port: 443)
13.32.153.113 (port: 443)
13.32.153.77 (port: 443)
13.32.153.95 (port: 443)
13.32.153.229 (port: 443)
13.32.153.165 (port: 443)
13.32.153.207 (port: 443)

Each should have the same SSL certificates I would "assume".


Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #12 <https://www.bvstools.com/mailtool.html>: Both Text
and HTML email support

On Tue, Oct 31, 2017 at 3:13 PM, Krill, Coy <CKrill@xxxxxxxxxxx> wrote:

Brad the IP address in your SSL decoder is not the address where you
received the SSL failure. Your SSL failure below is from amazon
cloudfront which indicates the page at avalara is using content from
amazons CDN and that's where you are getting your problem. Can you
parse the page from avalara and try ssldecoder on the amazon server URLs?

Coy Krill
Core Processing Administrator/Analyst
Washington Trust Bank


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Bradley Stone
Sent: 2017 October 31 12:55
To: Midrange Systems Technical Discussion
Subject: Re: SSL Error (SSL_ERROR_NO_CIPHERS) Question
Importance: Low

That is my thought, but IBM is telling me to contact the server admin
to ask why it's not working.. (lol!) They had me run a trace and they
just took that, ran it through wireshark and told me the above.

Heres the SSL decoder:
https://ssldecoder.org/?host=developer.avalara.com:13.32.
153.77&port=443&fastcheck=0

Getting the info from Chrome on the certs also shows the ciphers "should"
be ok.

Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #5 <https://www.bvstools.com/mailtool.html>: Easy
setup!
No confusing or obscure setup instructions, directory entries, SMTP
users, aliases or host tables. All you need is TCPIP, a connection to
the internet and you're done!

On Tue, Oct 31, 2017 at 2:32 PM, Charles Wilt <charles.wilt@xxxxxxxxx>
wrote:

Brad,

Given that its a 7.3 machine, it's likely trying to use TLS 1.2 with
a newer cipher that the site doesn't support...

What does https://ssldecoder.org/ report for the site?

Charles

On Tue, Oct 31, 2017 at 1:02 PM, Bradley Stone <bvstone@xxxxxxxxx>
wrote:

Ok, Im getting no where with IBM support on this so I thought I'd
come
here
to see if there are any ideas.

On two V7R3 machines using GETURI to make requests to an SSL site,
I am getting RC(-1) SSL_ERROR_NO_CIPHERS from the SSL_Handshake API.

I tried things with HTTPAPI and things seemed to work fine. (I
believe HTTPAPI uses GSKit).

IBM is telling me to contact the admin of the server to see why
the error is happening. ??

Here is what appears to be the error using a capture from the IBM
i and Wireshark to view it:

13.33.164.82 192.168.1.32 TLSv1.2 59 Alert (Level: Fatal,
Description:
Handshake Failure)

I haven't used wireshark in a while, so I can tell if that's the
remote server or my local server (the 192.xxx system) that is
issuing this
error.
But it looks like the remote server is telling my system it's a
handshake error (why I have no idea).

Why that would cause the SSL_Handshake API to return NO_CIPHERS is
also unknown to me.

Any ideas?

Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #16 <https://www.bvstools.com/mailtool.html>: No
external
"helper" PC system required. 100% IBM i native!
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at https://archive.midrange.com/
midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD


---------------------------------------------------------------------
This electronic mail message and any attachments may contain
confidential or privileged information and is intended for use solely
by the above-referenced recipient. Any review, copying, printing,
disclosure, distribution, or other use by any other person or entity
is strictly prohibited under applicable law. If you are not the named
recipient, or believe you have received this message in error, please
immediately notify the sender by replying to this message and delete
the copy you received

---------------------------------------------------------------------

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD


---------------------------------------------------------------------
This electronic mail message and any attachments may contain confidential
or privileged information and is intended for use solely by the
above-referenced recipient. Any review, copying, printing, disclosure,
distribution, or other use by any other person or entity is strictly
prohibited under applicable law. If you are not the named recipient, or
believe you have received this message in error, please immediately notify
the sender by replying to this message and delete the copy you received

---------------------------------------------------------------------

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.