I have a few customers that seem to be reporting an issue with the IBM SSL
APIs after applying a recent PTF group when using GETURI (HTTPAPI also
reports the same issues) communicating with a web service.
Also from tests using cURL and PHP on the IBM i the error cannot be
reproduced, neither can it on the PC using Postman, etc.
Randomly they are receiving the error:
415 - Peer not recognized or badly formatted message received.
If the standard SSL APIs are used RC is normally -16 if I recall.
One customer was able to work with a trading partner and they did a trace
on their end and tracked it down to the "Hello" communications from the IBM
i during SSL negotiation.
What they saw and explained was something like this:
"...When everything is working fine we have noticed the server hellos are
super small …376 bytes which is an indication of TLS session reuse. Then
there is an attempt to do TLS reuse with a different proxy or backend
server and it fails which is likely this TLS FATAL illegal parameter
error. The NEXT server hello is much larger, 3586 bytes, because the TLS
session is trashed and has to start over.
It then works for a while with the little server hello's doing session
reuse ... until a proxy or backend server gets switched and it blows up and
starts all over..."
So, when this error is reported on the IBM i seems to correlate with what
they see on their end where the TLS session is "trashed".
My suspicion is that a recent PTF broke this, since it worked for years
previously and after the PTFs this behavior started.
I have the customer contacting IBM to see when they can find with all this
information, but I am just curious if anyone else is experiencing this
issue and what they have found.
Bradley V. Stone
Native IBM i e-Mail solutions for Microsoft Office 365, Gmail, or any Cloud
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.