no not forcing it. I have a mix of ciphers and protocols.
yes the end point supports it. 98% of the calls go through fine with
SSLv1.3.

and of the errors,,, 95% of them happen between 5am and 10am.



On Tue, Nov 10, 2020 at 8:50 AM Charles Wilt <charles.wilt@xxxxxxxxx> wrote:

Are you forcing 1.3? Does the endpoint support it?

IIRC, That message is common when there's no compatible version between the
endpoints..

Charles

On Tue, Nov 10, 2020 at 7:47 AM Gerald Magnuson <
gmagqcy.midrange@xxxxxxxxx>
wrote:

It may fix those who are using TLSv1.2, since the APAR description
details
that.
I only see the errors when I use TLSv1.3 and the TLSv1.3 ciphers.


On Tue, Nov 10, 2020 at 8:39 AM Brad Stone <bvstone@xxxxxxxxx> wrote:

Bummer. Thanks for the update.

On Tue, Nov 10, 2020 at 8:03 AM Gerald Magnuson <
gmagqcy.midrange@xxxxxxxxx>
wrote:

Nope.
still have the "ssl_error(415): (GSKit) Peer not recognized or badly
formatted message received." errors.


On Mon, Nov 9, 2020 at 10:54 AM Gerald Magnuson <
gmagqcy.midrange@xxxxxxxxx>
wrote:

I just found and applied MF67905.

DESCRIPTION OF PROBLEM FIXED FOR APAR MA48640 :
-----------------------------------------------
When a callback function is set on gsk_attribute_set_callback()
for GSK_CERT_VALIDATION_CALLBACK, TLSv1.2 cached handshakes fail
with GSK_ERROR_BAD_PEER.

CORRECTION FOR APAR MA48640 :
-----------------------------
The TLSv1.2 handshake path was updated to properly handle cached
handshakes when there is a callback function set on
gsk_attribute_set_callback() for GSK_CERT_VALIDATION_CALLBACK.


I have just applied said ptf, and will see how it goes.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.