× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. May 2020

Re: GSKit SSL Handshake error 406 errno 3406

So, here's an interesting turn. The place that is using this certificate
we asked if they could update it so they are not using an obsolete cipher.
The main reasoin is that if they didn't, it would mean changing the
defaults of SSL on the system so we could modify the cipher list. Not
always a good idea (although all other systems seem to work with this
certificate).

They replied with a note saying that they support all these ciphers [insert
large list here] so it shouldn't be an issue.

I tried to explain that the list isn't what their SSL certificate is using
or is making available to clients connecting. That would be like me
showing a client the system value for QSSLCSL and saying that my SSL
website accepts all those ciphers, when in fact it's the certificate itself
that uses specific ciphers.

Am I missing something here, or is this just a miscommunication? I don't
think they understand how SSL handshakes work.. or maybe I don't! :)

Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #15 <https://www.bvstools.com/mailtool.html>: The ability
to add a Footer to each email sent using an IFS stream file.

On Mon, May 18, 2020 at 8:59 AM B Stone <bvstone@xxxxxxxxx> wrote:

Ok, I have verified by updating the SSL cipher list that this error was in
fact caused by an obsolete cipher. When I added the cipher to the list the
error disappeared.

We will be working with the admins of the endpoint to see if they are
willing to update their certificate.


Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #10 <https://www.bvstools.com/mailtool.html>: Resend
Emails - When emails are sent using MAILTOOL Plus or another addon, those
emails are logged and you have the ability to resend them one by one, or as
a batch (ie, all unsent emails at once).

On Tue, May 12, 2020 at 10:54 PM B Stone <bvstone@xxxxxxxxx> wrote:

I already have all that information from the chrome inspection. I even
posted it in my reply to Scott.


On Tue, May 12, 2020 at 7:27 PM Jack Woehr <
jwoehr@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:

On Tue, May 12, 2020 at 5:50 PM B Stone <bvstone@xxxxxxxxx> wrote:


But I would need to know/look up which cipher(s) to enable to test my
theory. :)


To test the server and see what it is serving up for SSL:

https://www.ssllabs.com/ssltest/

--
Jack Woehr
Absolute Performance, Inc.
12303 Airport Way, Suite 100
Broomfield, CO 80021

NON-DISCLOSURE NOTICE: This communication including any and all
attachments is for the intended recipient(s) only and may contain
confidential and privileged information. If you are not the intended
recipient of this communication, any disclosure, copying further
distribution or use of this communication is prohibited. If you received
this communication in error, please contact the sender and delete/destroy
all copies of this communication immediately.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.