*plus/web/request - Unable to connect securely

Started by Stéphane Devouard, October 23, 2024, 03:21:55 AM


Stéphane Devouard

Hello

Our ERP is interfaced to a bunch of external webservice APIs for various purposes
We are using *plus/web/request for all these interfaces

We randomly get these errors returned by *plus/web/request :


Cannot contact host server xxxxxxxxxxxx;443;secure Unable to connect securely (err/ret=4/4)
This sounds like an issue with SSL/TLS. The last part is returned in MSG(-1). Can PxPlus support confirm in which case such a message is returned ?

The question is : is there any way of knowing if the issue comes from our server or from the 3rd-party host (whose IT department, when asked, always responds that they haven't found any issue in their infrastructure).

Has anyone else got a similar issue and was able to troubleshoot it ?

TIA
Stéphane Devouard

Devon Austen

Hi Stéphane,

This is the error you will get if the client and server can't agree on a protocol and/or cipher to use for the TLS communication. So if an older PxPlus tries to talk with a more modern server it may get refused because it doesn't support a secure TLS protocol or a secure cipher according to the server. It can work in reverse with a newer PxPlus and an old server where the server only supports older TLS protocols or ciphers that the client doesn't accept.

This would not be random though. You would always get the error for that client server combo until either the client or server upgraded.

You can check your version of PxPlus and figure out what version of OpenSSL you are using. This will tell you what TLS protocols are supported and what ciphers are supported via some web searching.

You can also run a free ssl/tls scan (https://www.ssllabs.com/ssltest/) on the server to find out what TLS protocols it supports and what ciphers it supports. This may help you identify the issue.
Principal Software Engineer for PVX Plus Technologies LTD.

Mike King

Another possibility might be traffic related.  The system only provides a limited time for the SSL/TLS handshake to complete so if the host server is slow to respond you might get a connection failure.  The connection timeout is there in case you accidentally connect to a non-secure server which is not going to respond to the connection request.

Unfortunately I don't remember what the default timeout value is nor if it is able to be changed.

I would suggest if the error is "failure to connect" you simply retry the request.
Mike King
President - BBSysco Consulting
eMail: mike.king@bbsysco.com
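
An added example, not code from any poster or from PxPlus: one way to tell apart the two causes raised in the replies above (a refused protocol/cipher negotiation versus a handshake that stalls until the timeout) from the machine that makes the calls, using Python's `ssl` module. The names `classify_tls_connect` and `fake_peer`, the category labels and the two loopback peers are constructed for illustration; against a real host only `classify_tls_connect(host, 443)` is needed.

```python
import socket
import ssl
import threading
import time

# TLS alert record: type 21, version 3.3, length 2, fatal (2), handshake_failure (40)
HANDSHAKE_FAILURE_ALERT = bytes([21, 3, 3, 0, 2, 2, 40])

def classify_tls_connect(host, port, timeout=5.0):
    """Make one TLS attempt and return (category, detail)."""
    ctx = ssl.create_default_context()
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as e:  # refused, unreachable, or TCP connect timed out
        return "tcp-failure", str(e)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "ok", f"{tls.version()} {tls.cipher()[0]}"
    except socket.timeout as e:  # TCP is up but the handshake stalled
        return "handshake-timeout", str(e)
    except ssl.SSLCertVerificationError as e:
        return "certificate", e.verify_message
    except (ssl.SSLEOFError, ConnectionResetError) as e:
        return "dropped", str(e)
    except ssl.SSLError as e:  # TLS-level refusal, e.g. a handshake_failure alert
        return "negotiation", e.reason or str(e)
    except OSError as e:
        return "dropped", str(e)
    finally:
        raw.close()

def fake_peer(reply, hold=2.0):
    """Constructed loopback peer: read ClientHello, send `reply` or stay silent."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)
        if reply is None:
            time.sleep(hold)  # accept TCP, never answer the handshake
        else:
            conn.sendall(reply)
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(classify_tls_connect("127.0.0.1", fake_peer(HANDSHAKE_FAILURE_ALERT), 2.0))
    print(classify_tls_connect("127.0.0.1", fake_peer(None), 0.5))
```

The result reflects the OpenSSL build behind Python, not the one inside PxPlus, so a `negotiation` result describes this client only. Logging the category with a timestamp each time the ERP call fails shows whether the intermittent errors line up with stalls or with refusals.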