removing the *AES_256_GCM_SHA384 cipher did NOT stop the (415) errors.

On Thu, Oct 7, 2021 at 9:06 AM Rob Berendt <rob@xxxxxxxxx> wrote:

Seems to be a few issues with that cipher. Wait, that's the one you added
back in which still works.
https://support.oracle.com/knowledge/Middleware/2233449_1.html
Look for the blue box on the following:
https://ciphersuite.info/cs/TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384/

Hmm, IBM must have a list of ciphers which may cause issues with some
equipment, and that's why they suggested these two.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Brad Stone
Sent: Thursday, October 7, 2021 9:51 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Bad Peer (415) SSL Handshake Error update

CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know
the content is safe.


Here's the latest.

Added TLS v1.3 back into the list and removed these two ciphers:

Removed
*ECDHE_RSA_AES_256_GCM_SHA384
*AES_256_GCM_SHA384

The error seems to have stopped.

Added back in *ECDHE_RSA_AES_256_GCM_SHA384 and still couldn't get the
error. Once I added back in *AES_256_GCM_SHA384 the error returned.

I'm still testing, but it seems the issue is this particular cipher.

On Thu, Oct 7, 2021 at 8:41 AM Gerald Magnuson <gmagqcy.midrange@xxxxxxxxx

wrote:

We have Fortinet Firewalls here that do some "packet inspection".
I can't reiterate what he told me, but it sounded like sometimes the
firewall will "downgrade" the TLS to inspect, and may cause problems.

Does anybody with this problem, "(415) Peer not recognized, or badly
formatted", have Fortinet infrastructure?



On Thu, Oct 7, 2021 at 7:17 AM Brad Stone <bvstone@xxxxxxxxx> wrote:

Scott,

I think he's got GETURI set up to use the SSL APIs vs GSKit.

On Wed, Oct 6, 2021 at 7:05 PM Scott Klement <
midrange-l@xxxxxxxxxxxxxxxx>
wrote:

GSKit is part of the operating system, it's not a feature of HTTPAPI
or
GETURI.

I can't imagine why GSKit would work in GETURI but not HTTPAPI...
makes
no sense.

On 10/6/2021 9:11 AM, Greg Wilburn wrote:
I've seen this with HTTPAPI. I didn't get as far as you with IBM.

I still have one site where GETURI will work, but HTTPAPI doesn't
due
to
a GSKit error.
Your post makes me feel better (I think)

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: https://amazon.midrange.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.