IBM-i Client Connection to webserver: handshake problem, connection reset at webserver

HTTPAPI_debug.txtWS HTTP API(library LIBHTTP).
IBM-i Client Connection to Webserver: handshake problem.  
Immediatelly after clientHello, the  server resets  connection.

ibm-i Joblog messages .
   Message . . . . :   (GSKit) An operation which is not valid for the current
     SSL session state was attempted.                                          
   Cause . . . . . :   No additional online help information is available.    
 40   18/01/19  15:36:49.874491  HTTPAPIR4    LIBHTTP     *STMT    RSUCISLO2  
   From module . . . . . . . . :   HTTPUTILR4                                  
   From procedure  . . . . . . :   HTTP_CRASH                                  Handshakke-problem-from-7_3-LPAR.docx
   Statement . . . . . . . . . :   4068                                        
   Message . . . . :   SSL Handshake: (GSKit) I/O: A connection with a remote  
     socket was reset by that

TLS-Version.PNG
asdf13Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Gary PattersonVP Technology / Senior Consultant Commented:
Is there a firewall between you and the endpoint you're trying to connect to?  If so, connection may be blocked.  Are you connecting to the correct port?

https://www-01.ibm.com/support/docview.wss?uid=nas8N1021098

Need more help?  Please provide more info, like a more complete job log, without cut-off messages and MSGIDs, and basic info about where you are connecting from, and to.  If you are connecting to a public API of some sort, provide basic connectivity info: IP/FQDN, port, description of service (no credentials, of course).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
If this is a public site, post the URL for testing.

If not, you'll have to connect to your site using the openssl client to test your connection.

Keep in mind, if the site throwing the error is running very old SSL/TLS, then new clients simply won't be able to connect.

Best will be for you post a clickable URL to your site for testing.
asdf13Author Commented:
additional Info added (embedded files in Question) . . .
HTML5 and CSS3 Fundamentals

Build a website from the ground up by first learning the fundamentals of HTML5 and CSS3, the two popular programming languages used to present content online. HTML deals with fonts, colors, graphics, and hyperlinks, while CSS describes how HTML elements are to be displayed.

Gary PattersonVP Technology / Senior Consultant Commented:
Looks like you are running an old version of HTTPAPI.  Suggest you update to the latest.  

QSSLPCL special value of *OPSYS means something different in V7R1 and V7R3.  You say you are using TLS 1.2, but

*OPSYS on V7R1 means *TLSV1 and *SSLV3 protocols are enabled.
*OPSYS on V7R3 means *TLSV1.2 *TLSV1.1 and *TLSV1.

You don't provide any information about the target system - need to make sure you are connecting with compatible protocol.

Is this just an HTTPAPI issue, or can you connect with cURL, for example?

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020876
asdf13Author Commented:
TLS Version info added.
Try to get more  info regarding webserver later . . .
asdf13Author Commented:
Hello,
Reason for failing handshake was found on webserver side : problem  was invalid certificate.
Sorry,  i had no Information about webserver, which  is outside of my responsibility ("third party")

Thanks for your advices.
Gary PattersonVP Technology / Senior Consultant Commented:
For future reference, you should probably try to connect to the site first manually: you can use command line tools like openssl, curl, and wget (from IBM i or Windows or Linux).  I also suggest using using a tool like Postman or SoapUI to test and experiment with web service connections and make you you understand the request and response formats before you try to write and test code.
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
For fastest (and 100% correct) answers, post your actual URL for testing.

Also follow Gary's suggestion of testing with command line tools first.
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
After you update your cert, use https://www.ssllabs.com/ssltest/ to ensure your entire SSL config is correct.

Tip: Testing/Knowing is always better than guessing.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
HTTP Protocol

From novice to tech pro — start learning today.