Posts Tagged ‘TCP/IP Secure’

Why do I get the following error? TCP/IP Secure reports : error1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request:s23_srvr.c:385: (6776)

Monday, June 16th, 2008

Question:

Why do I get the following error? TCP/IP Secure reports : error1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request:s23_srvr.c:385: (6776)

Answer:

This error can occur if your SSL protocols are not matched up. To verify these settings first check the SSL encryption level for Incoming calls on the MassTransit Server.

    From the MassTransit Administrator –

  • Select Setup.
  • Select Incoming Calls tab.
  • Select Communications Method TCP/IP Secure
  • Select Edit. Here, you will see the minimum security level required (RC4-128, 3DES, AES-128, AES-256).

The calling side should check their minimum encryption level.

    From the MassTransit Administrator –

  • Select Contacts.
  • Highlight the contact with whom the error occurs.
  • Select Edit
  • Select the Outgoing Calls tab.
  • Select Configure. Here, you will also find a pull-down that specifies the minimum encryption level. Please make sure it matches what is set for the MassTransit Server being called.

INFO: TCP/IP Secure Reports: No Shared Cipher

Wednesday, May 31st, 2006

Summary:

When using the TCP/IP Secure communication method between two MassTransit entities, the following error message may result, following a failed connection attempt:

TCP/IP Secure reports: error: 1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

Description:

This connection error is usually the result of a failure to agree upon a minimum TCP/IP Secure encryption level among the two MassTransit entities. In other words, one side of the connection is expecting a stronger encryption strength than the other side is providing.

The MassTransit entity receiving the call can check minimum encryption level using the following process:

  • In the MassTransit Administrator go to Setup > Incoming Calls > TCP/IP Secure.
  • Locate the field titled “Select the minimum level of encryption for incoming calls.”
  • Take note of the setting in the corresponding pulldown box.
    NOTE: The encryption levels are listed in order of strength, from weakest to strongest.

    The MassTransit entity placing the call can also check their minimum encryption level using the following process:

  • Click Contacts from the Navigation Bar.
  • Select the appropriate contact and click Edit.
  • Click on the Outgoing Calls tab.
  • Locate the field “Select the minimum level of encryption to use.”
  • Take note of the setting in the corresponding pulldown box.
    NOTE: The encryption levels here are also listed in order of strength, from weakest to strongest.

    The expected minimum encryption level of the MassTransit entity PLACING the call must meet or exceed the expected minimum encryption level of the MassTransit entity RECEIVING the call. In the event that the “no shared cipher” message is received, an agreement on encryption levels was not established. As a result, an adjustment may need to be made to receiving entity’s minimum encryption level.

    QUICK TIP: If you continue to encounter shared cipher errors after making the mentioned adjustments, consider setting the minimum encryption levels on the sending and receiving sides to the same setting.