We help IT Professionals succeed at work.

HandShake Error

Michael Houser
on
Low Priority
186 Views
Last Modified: 2018-02-27
We have an issue right now where when our cust service team runs a credit card they at times receive a handshake error. We run a IBM i AS/400 that connects to a backend called Curbstone. Here is a break down of how this works Here is what is supposed to happen.

When credit cards are run curbstone opens a connection to paymenttech.
At this point the IBM I sends along “cipher suite, decryption keys” this information is accepted by paymenttech and the transaction continues.

Here is what is happening now.
Curbstone opens a connection to paymenttech.  At this point the IBM I sends along “cipher suite, decryption keys” this information is now rejected by paymenttech the transaction fails and the handshake error pops up. I have run a trccnn on the IBM i and in wireshark. Both curbstone and paymenttech don't see any issues on their end. I did call paymenttech today and a transaction that I saw on the IBM i didn't get to them resulting in the handshake error. I don't think its an issue with our network because it isn't a constant issue. I thought perhaps there was some job running at the time of the handshake error but that doesn't seem to be an issue. This issue ramps up at between 4pm and 6pm on Fridays. Why? I can't seem to find a reason.
TLS_FAILED_HANDSHAKE.pcap
Comment
Watch Question

Gary PattersonVP Technology / Senior Consultant
CERTIFIED EXPERT

Commented:
This really is a vendor technical support issue.  Surprised they haven't been able to resolve it for you.  I won't be able to dig through the PCAP file for a day or two, but in the meantime, please provide some additional information:

Please provide the actual error:  CPFxxx, and full first and second level text.  In this context, it sounds like you are describing an "SSL/TLS Handshake error".  What job is throwing this error, what does the program stack look like?  Does the job hang?  If so, provide a complete DSPJOB, option 30, plus a complete DSPJOBLOG, with second level text.

SSL/TLS Handshake is a conversation used to set up a secure transfer session:

https://www.ssl.com/article/ssl-tls-handshake-overview/

You said:

At this point the IBM I sends along “cipher suite, decryption keys” this information is now rejected by paymenttech the transaction fails and the handshake error pops up. I have run a trccnn on the IBM i and in wireshark. Both curbstone and paymenttech don't see any issues on their end.

How can that be true if Paymentech doesn't see the error?  

The fact that the problem is apparently intermittent, and that it occurs during what, if I might hazard a guess, is a peak time (is it?), tends to indicate a resource contention issue of some sort - especially since your trading partner, who is probably pretty sophisticated about these issues, doesn't see a problem at their end.  Hard to say without a more complete understanding of just what it is Curbstone's tools is doing in the middle.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.