× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



You are running an 11 year old version of HTTPAPI.   HTTPAPI didn't enable TLS v1.2 back in 2008 (because the OS at the time didn't support it.)

Please update to a current HTTPAPI.

On 6/19/2019 9:00 AM, Versfelt, Charles wrote:
I tried to post to the HTTPAPI newsgroup, I guess the link is broken again? I have an HTTPAPI program trying to connect to a new vendor. A similar process works with many of our other vendors. With the new vendor I'm getting the Peer not recognized or badly formatted message received. I read some other messages with this problem. I don't know a lot about SSL encryption ciphers but some other messages suggested that may be the issue. The site I'm connecting to is an https.

I am aware that we're on an old version of HTTPAPI, I'm currently working with the Operation staff to upgrade. I don't know if an older version of HTTPAPI could have anything to do with the issue.

My HTTP error log is at the bottom of this message. I'm doing an http_url_post_stmf.
The vendor gave me a list of information about their site including:
Their SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
Their Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH

I can provide the SOAP/XML I'm sending here if necessary, but since the problem appears to be with the handshake
so I don't think the issue is there.

I asked the Operations Manager to see if we have the Ciphers necessary for the SSL connection required. Our current operating system is V7R3M0. He sent me a print screen of QSSLPCL Secure sockets layer protocols and said we're already configured to support TSLv1.2.
The screen showed showed Protocols
*TLSV1.2
*TLSV1.1
*TLSV1
He sent me another print screen of our ciphers, which includes ECDHE_RSA_AES_128_GCM_SHA256.
Any advice that might guide me in the right direction would be appreciated.

Regards,
Charlie


Httpapi error log
HTTPAPI Ver 1.23 released 2008-04-24
OS/400 Ver V7R3M0
New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
http_url_post_stmf(): entered
getting post file size...
opening file to be sent...
opening file to be received
http_persist_open(): entered
http_long_ParseURL(): entered
DNS resolver retrans: 2
DNS resolver retry : 2
DNS resolver options: x'00000136'
DNS default domain: us.adler.corp
DNS default domain: us.adler.corp
DNS server found: 10.1.20.11
DNS server found: 10.1.20.12
https_init(): entered
--------------------------------------------------------------------------------
Dump of local-side certificate information:
--------------------------------------------------------------------------------
(GSKit) Peer not recognized or badly formatted message received.
ssl_error(415): (GSKit) Peer not recognized or badly formatted message received.
SetError() #30: SSL Handshake: (GSKit) Peer not recognized or badly formatted message received.
--------------------------------------------------------------------------------
Dump of server-side certificate information:
--------------------------------------------------------------------------------
Cert Validation Code = 0
(GSKit) An operation which is not valid for the current SSL session state was attempted.
ssl_error(5): (GSKit) An operation which is not valid for the current SSL session state was attempted.
(GSKit) An operation which is not valid for the current SSL session state was attempted.

This email message has been scanned for viruses and malware by Mimecast.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.