SK,
Thanks for the response... I've already fallen into the rabbit hole.
I had IBM support help me take a communications trace... they thought the handshake was fine and the connection reset occurs after the negotiation.
I was pulling the certificate information out of http_debug.txt. I thought it was odd that the "local" certificate from our server was dumped there. I have the whole chain on our system in DCM. There is no reason to question the certificates.
The only reason I questioned the certificate negotiation at all was because another application (that uses HTTPAPI as well) began having random communications failures after I added TLSV1.3 to QSSLPCL on our server (in an attempt to rectify this issue). That application (JetPay) uses an older version of HTTPAPI. I have since removed TLSV1.3 from QSSLPCL and all is good with that application.
Just as you cautioned, the server side support is almost no help at all.
I don't understand why GETURI will work with this web service, while it drops communications with an HTTPAPI connection. I almost have to be doing something wrong.
To complicate things even more, we are migrating to a new Power9 system tomorrow - same OS level (v7r3) but more recent PTFs.
So maybe the problem will resolve with PTF updates?
Thx,
Greg
-----Original Message-----
From: RPG400-L [mailto:rpg400-l-bounces@xxxxxxxxxxxxxxxxxx] On Behalf Of Scott Klement
Sent: Friday, April 09, 2021 2:28 PM
To: rpg400-l@xxxxxxxxxxxxxxxxxx
Subject: Re: ssl_error(406)
Greg,
Previously, you were getting a connection reset prior to it being able to negotiate certificates. Has that changed?
I don't know anything about this method you are using to verify the certificate... But, typically when you verify a certificate you need the whole chain, not just one cert. Do you have the rest of the chain loaded into the verify tool already?
I'm a little worried about "going down the rabbit hole" trying to verify certificates... is there a genuine reason to believe that there is something wrong with the server's certificate?
-SK
On 4/8/2021 3:45 PM, Greg Wilburn wrote:
Still looking at this...
Not sure if this means anything, but the debug test shows a dump of the local-side certificate. I didn't see that in other httpapi debug files I have on our system. The certificate string in http_debug.txt looked "too short" to me.
So I copied the certificate string, saved it on my PC as a .cer file and opened it. Under Certificate Information it says
"Windows does not have enough information to verify this certificate."
Grasping at straws here.