SSL_connect() error

I am trying to send an HTTP request and getting "SSL/TLS error return from SSL_connect()." error (Cache 2013). No modification in SSL/TLS Configuration helped. Could anyone point me in the right direction?

Thanks


Comments

Hi Alexander,

There is some information about debugging SSL/TLS connections using the REDEBUG utility here: https://community.intersystems.com/post/ensemble-201523-certificate-not-...

It may be helpful.


Please provide your SSL config.


To mark your question as "answered" on Developer Community, please click the checkmark alongside the answer you (as author of the question) accept.


3 answers

Answer

Before launching your request, check your %Net.HttpRequest object:
property Https is obviously set.

property SSLConfiguration has to be

The name of the activated TLS/SSL configuration to use for https requests.

if the request fails in execution
property SSLError tells you what went wrong

If request uses an SSL connection and a SSL handshake error has occurred, then SSLError contains text describing the SSL error.

More on %Net.HttpRequest here:
http://docs.intersystems.com/latest/csp/documatic/%25CSP.Documatic.cls?P...

 


Answer

Can you connect to that server using openssl?

If yes, try to match protocol openssl uses with the protocols enabled in SSL/TLS Configuration.

E.g. if the SSL/TLS Configuration has only TLS1 enabled, try to connect with openssl using -tls1

openssl s_client -tls1 -connect server:port

Maybe that server requires tls1.2 or SNI that is not available in Caché 2013.1


Answer

Hi Alex,

Thank you for the detailed answer. This might be a reason why the SSL handshake works on Cache 2016 but not on 2013. What openssl do you recommend to use (I don't have it installed)?


I don't have any particular recommendations about openssl. I use the openssl that comes with the Linux I use.

If connection works Ok on 2016.1 (or 2016.2?) you might try to uncheck tls1.1 and tls1.2 in SSL/TLS configuration settings on 2016.1 installation, leaving only tls1.0 and see if connection succeeds. If no -- probably server requires tls1.1 or tls1.2.

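The comparison suggested in the answers above (TLS 1.0 only versus a newer protocol, with and without SNI) can be scripted around openssl s_client. This is an added example, not part of the original thread; the function names, the constructed sample output lines and the host/port arguments are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: find out whether a server still accepts what the thread says
# Cache 2013.1 is limited to (TLS 1.0, no SNI) or needs TLS 1.2 and/or SNI.
# Usage: sh tlsprobe.sh <host> <port>   (script name is hypothetical)

# Constructed samples of the summary line s_client prints after a handshake attempt.
SAMPLE_OK='New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256'
SAMPLE_FAIL='New, (NONE), Cipher is (NONE)'

# probe <protocol-flag> <host> <port> <sni|nosni>: one handshake, output on stdout.
# -noservername needs OpenSSL 1.1.1 or later; older s_client sends no SNI by default.
probe() {
    if [ "$4" = sni ]; then sni_opt="-servername $2"; else sni_opt="-noservername"; fi
    # $sni_opt is left unquoted on purpose so it splits into option and value.
    openssl s_client "$1" $sni_opt -connect "$2:$3" </dev/null 2>&1
}

# classify: read s_client output on stdin, print "ok" if a cipher was negotiated.
classify() {
    awk '/Cipher is/ && !/\(NONE\)/ { ok = 1 } END { print (ok ? "ok" : "fail") }'
}

# diagnose <tls1-nosni> <tls1-sni> <tls1.2-sni>: each argument is "ok" or "fail".
diagnose() {
    if [ "$1" = ok ]; then echo "tls1.0-without-sni-works"
    elif [ "$2" = ok ]; then echo "server-needs-sni"
    elif [ "$3" = ok ]; then echo "server-needs-newer-tls"
    else echo "no-handshake"
    fi
}

if [ "$#" -ge 2 ]; then
    # Caveat: a local OpenSSL whose policy disables TLS 1.0 reports "fail" for
    # -tls1 whatever the server supports, so confirm the local build first.
    a=$(probe -tls1 "$1" "$2" nosni | classify)
    b=$(probe -tls1 "$1" "$2" sni | classify)
    c=$(probe -tls1_2 "$1" "$2" sni | classify)
    echo "tls1/no-sni=$a tls1/sni=$b tls1.2/sni=$c => $(diagnose "$a" "$b" "$c")"
fi
```

A result of server-needs-newer-tls or server-needs-sni matches the explanation given in the thread for a handshake that succeeds on 2016 but not on 2013.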