Re: Intermittent SQL0443 when invoking HTTP_GET_BLOB

GPT-4o mini
Yes, it's quite common for SSL/TLS clients to have different timeout settings for the connection establishment phase versus the cipher negotiation phase. Here's a breakdown:
Timeout Behavior in SSL/TLS
Connection Establishment Timeout

* Duration: The timeout for establishing a connection, which includes the initial TCP handshake, is often set to be relatively long (commonly 30 seconds or more). This allows for retries and accommodates slower networks.
* Reason: This phase needs to account for potential issues outside of the SSL/TLS layer, such as network latency, server responsiveness, and initial response delays.

Cipher Negotiation Timeout

* Duration: The timeout during cipher negotiation is typically much shorter, often in the milliseconds to a few seconds range.
* Reason: This phase involves a series of message exchanges (ClientHello, ServerHello, etc.) that should ideally complete quickly if the server is responsive. If the negotiation takes too long, it can indicate issues like:
* Server processing delays
* Mismatched ciphers
* Network issues causing data loss or retransmission

Observations

1.
Short Timeouts: If you're experiencing short timeouts during the cipher negotiation phase (milliseconds), it may indicate that the SSL client is configured to fail quickly when it doesn't receive timely responses from the server.
2.
Logs and Errors: It would be beneficial to check server logs for errors or delays during cipher negotiation to diagnose the root cause. Look for:
* Cipher suite mismatches
* Any delays in server response to the ClientHello message
3.
Configuration Review: Review both the client and server configurations for timeout settings. Specifically, look for:
* SSL_CTX_set_timeout (or equivalent, depending on the SSL library)
* Any connection timeouts and negotiation timeout settings that might be set too low on the client side.

Conclusion
Different timeout durations between connection establishment and cipher negotiation are typical. If you're seeing short timeouts during negotiation, it's worth investigating server performance, configuration mismatches, and network stability to identify any bottlenecks or misconfigurations. Adjusting these settings may improve reliability and reduce unnecessary failures.
________________________________
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> on behalf of Brad Stone <bvstone@xxxxxxxxx>
Sent: Thursday, December 11, 2025 11:10
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Cc: David Gibbs <david@xxxxxxxxxxxx>
Subject: Re: Intermittent SQL0443 when invoking HTTP_GET_BLOB

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Define "too long". SSL timeouts are normally at least 10 to 30 seconds.
If it's taking that long, you have other problems. The negotiation should
take milliseconds.


Jack Woehr
Independent Consulting Programmer

303-847-8442

jack.woehr@xxxxxxxxxxx

www.procern.com

Stay Connected!

Upgrade your IT state of mind!

 NON-DISCLOSURE NOTICE: This communication including any and all attachments is for the intended recipient(s) only and may contain confidential and privileged information. If you are not the intended recipient of this communication, any disclosure, copying further distribution or use of this communication is prohibited. If you received this communication in error, please contact the sender and delete/destroy all copies of this communication immediately.