PxPlus User Forum

Twitter Twitter Twitter

Author Topic: Error 13 on [tcp] connection with secure  (Read 1194 times)

michaelgreer

  • Diamond Member
  • *****
  • Posts: 129
    • View Profile
Error 13 on [tcp] connection with secure
« on: July 29, 2022, 11:27:43 AM »
This is version 15.1.  When I attempt to use request the open on a website using ";secure" and port 443 I get an error 13. I can use postman and disable all but TLS 1.1 and I have no issue.  Thoughts on how I might get the open.

Devon Austen

  • Administrator
  • Diamond Member
  • *****
  • Posts: 382
  • Don’t Panic
    • View Profile
    • PVX Plus Technologies
Re: Error 13 on [tcp] connection with secure
« Reply #1 on: July 29, 2022, 11:37:01 AM »
On the [TCP] open specify the "TLS1.2" option to force pxplus to use TLS1.2 which is the newest protocol it supports and the most likely to be accepted. Without specifying that the server may be detecting that PxPlus supports a older unsupported protocol and rejecting it.
Principal Software Engineer for PVX Plus Technologies LTD.

Mike King

  • Diamond Member
  • *****
  • Posts: 3811
  • Mike King
    • View Profile
    • BBSysco Consulting
Re: Error 13 on [tcp] connection with secure
« Reply #2 on: July 29, 2022, 12:08:10 PM »
Another possibility might be your trusted certificate files are out of date on your system.  If using Linux you may need to update the OS using apt-get or yum.

If using Windows PxPlus, ships with a trusted certificate bundle included, however you may need to make sure you have a recent ca-bundle.crt in your PxPlus install directory.  We update this with every release but if you do not keep your PxPlus current you need to update this file yourself. 

The file is generally avail on the Internet, you can find a recent one at https://github.com/bagder/ca-bundle/blob/master/ca-bundle.crt

Mike King
President - BBSysco Consulting
eMail: mike.king@bbsysco.com

michaelgreer

  • Diamond Member
  • *****
  • Posts: 129
    • View Profile
Re: Error 13 on [tcp] connection with secure
« Reply #3 on: August 02, 2022, 10:56:28 AM »
Devon,
I tried this open: api.anvyl.com;443;secure;TLS1.1
Still got my error 13.  My version doesn't support TLS1.2.

Mike, I did not have a cert bundle but downloaded the one you referenced and put it in my pvx base directory. Still a no go.

Thoughts?
Michael

Devon Austen

  • Administrator
  • Diamond Member
  • *****
  • Posts: 382
  • Don’t Panic
    • View Profile
    • PVX Plus Technologies
Re: Error 13 on [tcp] connection with secure
« Reply #4 on: August 02, 2022, 11:07:20 AM »
Is this on Windows or a UNIX/Linux. If UNIX/Linux what distributions are you running?

PxPlus supports TLS 1.2 as of version 14 (PxPlus 2017). Since you are using version 15.1 TLS 1.2 support is there so my guess is you are on a older Linux distribution that has an older OpenSSL without TLS 1.2.

You do say it worked with postman which I would assume also uses the OS OpenSSL so I could be wrong and something else like a bad install over an old PxPlus may be at play here. Or maybe postman has built-in OpenSSL?
Principal Software Engineer for PVX Plus Technologies LTD.

Mike King

  • Diamond Member
  • *****
  • Posts: 3811
  • Mike King
    • View Profile
    • BBSysco Consulting
Re: Error 13 on [tcp] connection with secure
« Reply #5 on: August 02, 2022, 11:14:31 AM »
What message in MSG(-1) do you get when you issue:

open (1) "[tcp]api.anvyl.com;443;secure"

Mike King
President - BBSysco Consulting
eMail: mike.king@bbsysco.com

michaelgreer

  • Diamond Member
  • *****
  • Posts: 129
    • View Profile
Re: Error 13 on [tcp] connection with secure
« Reply #6 on: August 02, 2022, 04:21:46 PM »
I currently have access to systems up through 1510.  I always get:

Unable to connect securely (err/ret=0/0)

I tried adding ";TLS1.2" after secure, but same thing (this was at 1510).


Mike King

  • Diamond Member
  • *****
  • Posts: 3811
  • Mike King
    • View Profile
    • BBSysco Consulting
Re: Error 13 on [tcp] connection with secure
« Reply #7 on: August 03, 2022, 08:42:33 AM »
What OS (and version) are you running on?

If Linux please check the version of Openssl installed on the system by entering the following at you OS command shell.

openssl version

Older versions of openssl may not be able to properly connect to newer sites as the industry has made using newer technology/procols a requirement in order to comply with legal security requirements such as PIC compliance.  If you are using an older OS it may not be able to connect.  Once you have the OpenSSL version you should be able to lookup what protocols it supports.

Also, although you have indicated you are using version 15.10, older versions (pre v14) do not support multiple SSL certificates at the same site - a capability called SNI.

We would suggest if you are unable to resolve this you might want to open a support ticket with your PxPlus supplier.
Mike King
President - BBSysco Consulting
eMail: mike.king@bbsysco.com

michaelgreer

  • Diamond Member
  • *****
  • Posts: 129
    • View Profile
Re: Error 13 on [tcp] connection with secure
« Reply #8 on: August 03, 2022, 03:08:38 PM »
Mike and Devon,

Thanks for your assistance and patience.  I am running windows where the issues are occurring. I did install the latest version of PxPlus and it had no issues.  I also do not find SSL installed on my machine.

Connected to the customer who is redhat, running pvx 12.50.  *No* issues, so this is done I guess.

Never mind on this --->  Seeing invalid key so staring in demo mode. One question. I have a PVXKEY set for all of my PxPlus instances.  When I launch the 2022 pxplus I expected to have an issue with that but it came up in Demo mode. How is it "ignoring" my PVXKEY env. variable?
« Last Edit: August 03, 2022, 03:16:26 PM by michaelgreer »