Question
· Jul 21, 2023

SSL/TLS error return from SSL_read()

First time setting up an SSL/TLS connection, and I am running into issues when I call it from within a Business Operation. I used openssl to generate an RSA 4096 SHA512 key/CSR request for our Active Directory Certificate Service to generate a Certificate Chain for me to use within RedHat. I was able to connect to our Web Service server using a generic request from terminal; however, when I try it from our Business Operation I am running into issues.

I tested the SSL/TLS connection using the following commands from the terminal...

DEVCLIN>set request=##class(%Net.HttpRequest).%New()
DEVCLIN>set request.Server = "ihisicbgnp.osumc.edu"
DEVCLIN>set request.Port=443
DEVCLIN>set request.SSLConfiguration="OSUWMC"
DEVCLIN>set request.Https=1
DEVCLIN>set tSC=request.Get("/",2)

and received an HTTP/1.1 200 OK back.
HTTP/1.1 200 OK
ACCEPT-RANGES: bytes
CACHE-CONTROL: private
CONTENT-ENCODING: gzip
CONTENT-LENGTH: 467
CONTENT-TYPE: text/html
DATE: Thu, 20 Jul 2023 20:08:54 GMT
ETAG: "b072b0f23afdd01:0"
LAST-MODIFIED: Fri, 02 Oct 2015 17:51:21 GMT
NTCOENT-LENGTH: 701
SERVER: Microsoft-IIS/8.5
X-POWERED-BY: ASP.NET.....

However, if I try specifying the direct Web Service call from the Business Operation using the SSL/TLS configuration with that same HTTP server, but with the URL to the direct web service, I am getting …. ERROR #6097: Error '<READ>Read+28^%Net.HttpRequest.1' while using TCP/IP device '9999'

I enabled
%SYS>d ^REDEBUG
with FFFFFFFF flags and I am seeing...
a connection was made, but then an SSL/TLS error return from SSL_read()
TCP connected to site 10.81.7.238 port 443
07/21/23-09:33:39:851 (3109066) 0 [Generic.Event] StreamInit: SNDBUF sys size=87040, dev size=0
07/21/23-09:33:39:851 (3109066) 0 [Generic.Event] StreamInit: RCVBUF sys size=369280, dev size=0
07/21/23-09:33:39:851 (3109066) 0 [Generic.Event] SSLconfig called - SSL_init = 0
07/21/23-09:33:39:851 (3109066) 0 [Generic.Event]
SSL/TLS configuration: OSUWMC
07/21/23-09:33:39:853 (3109066) 0 [Generic.Event]
TLS enabled versions, minimum: 16, maximum: 32
07/21/23-09:33:39:853 (3109066) 0 [Generic.Event]
Cipher list for TLSv1.2 and below: ALL:!aNULL:!eNULL:!EXP:!SSLv2
07/21/23-09:33:39:853 (3109066) 0 [Generic.Event]
Ciphersuites for TLSv1.3: TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
07/21/23-09:33:39:853 (3109066) 0 [Generic.Event]
Certificate file: /etc/pki/ca-trust/source/anchors/int-lxiris-vd01.pem
07/21/23-09:33:39:853 (3109066) 0 [Generic.Event]
Private key file: /etc/pki/ca-trust/source/anchors/int-lxiris-vd01.key
07/21/23-09:33:39:853 (3109066) 0 [Generic.Event]
^MPeer verification option = 0, certificate depth = 9
07/21/23-09:33:39:853 (3109066) 0 [Generic.Event] OCSP Disabled for this SSL profile
07/21/23-09:33:39:853 (3109066) 0 [Generic.Event]
SSL/TLS client SSL_connect request.
07/21/23-09:33:39:864 (3109066) 0 [Generic.Event]
SSL/TLS error return from SSL_read().
07/21/23-09:33:39:864 (3109066) 0 [Generic.Event]
SSL_ERROR_SYSCALL: I/O error
Is the RSA 4096 SHA512 certificate causing an issue, since the cipher suites do not specify RSA 4096 SHA512? Why would it work sending a generic request from Terminal but not from the Business Operation?
Product version: IRIS 2023.1
$ZV: IRIS for UNIX (Red Hat Enterprise Linux 8 for x86-64) 2023.1 (Build 229U) Fri Apr 14 2023 17:16:34 EDT
Discussion (1)

The issue was with the code that I was using in my Business Operation that was not calling the SSL Configuration. I have since reverted my Business Operation code back to the more standard code that is described in the Documentation, however I am still running into issues making sure the correct format of the Header is being sent in the REST API call, and how to interpret the JSON that is being returned by the REST API.
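
Added example (not part of the original thread and not InterSystems code): a small Python triage script for the kind of REDEBUG trace quoted in the question. It pulls the effective SSL/TLS settings and the OpenSSL error code out of the log lines and lists points worth reviewing, including the case from the reply where no SSL configuration is applied; the TLS version bit-flag mapping and the meaning of verification option 0 are assumptions, marked in the comments.

```python
import re

# Trace lines copied from the question's REDEBUG output (timestamps dropped).
TRACE = """\
SSL/TLS configuration: OSUWMC
TLS enabled versions, minimum: 16, maximum: 32
Private key file: /etc/pki/ca-trust/source/anchors/int-lxiris-vd01.key
Peer verification option = 0, certificate depth = 9
SSL/TLS error return from SSL_read().
SSL_ERROR_SYSCALL: I/O error
"""

# Assumption: IRIS logs TLS versions as bit flags (4=1.0, 8=1.1, 16=1.2, 32=1.3).
TLS_BITS = {4: "TLSv1.0", 8: "TLSv1.1", 16: "TLSv1.2", 32: "TLSv1.3"}

FIELDS = {
    "config": r"SSL/TLS configuration: (\S+)",
    "tls_min": r"minimum: (\d+)",
    "tls_max": r"maximum: (\d+)",
    "key_file": r"Private key file: (\S+)",
    "verify": r"Peer verification option = (\d+)",
    "error": r"(SSL_ERROR_\w+)",
}

def parse_trace(text):
    """Extract the effective TLS settings and the OpenSSL error code from a trace."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text)
        out[name] = m.group(1) if m else None
    for k in ("tls_min", "tls_max"):
        if out[k] is not None:
            out[k] = TLS_BITS.get(int(out[k]), f"unknown({out[k]})")
    return out

def findings(cfg):
    """Review notes for a defender, derived from the parsed settings."""
    notes = []
    if cfg["config"] is None:
        notes.append("no named SSL/TLS configuration in trace")
    if cfg["verify"] == "0":  # assumption: 0 means the server certificate is not verified
        notes.append("peer verification disabled")
    if cfg["key_file"] and "/ca-trust/" in cfg["key_file"]:
        notes.append("private key stored in the system CA trust-anchor directory")
    if cfg["error"] == "SSL_ERROR_SYSCALL":  # OpenSSL's fatal I/O error, distinct from SSL_ERROR_SSL
        notes.append("I/O-level failure rather than a TLS protocol error")
    return notes
```

Calling `findings(parse_trace(TRACE))` on the lines above returns the last three notes; a trace that never logs a configuration name returns the first.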