KB Article #176537
SecureTransport and Gateway interoperability issue when exchanging files via PeSIT with SSL/TLS
Problem
When SecureTransport is sending files to Gateway over PeSIT with SSL/TLS the SSL handshake is successful, however no transfer is performed and the connection time outs after 60 seconds. The same behavior is experienced when Gateway is the initiator of the connection.- The following error message is observed in SecureTransport's Server Log (TM component):
Connection failure while connecting to remote host 10.133.9.162:6,330 as user null: Didn't receive expected CONNECT_CONF response on time (60 seconds). - The following error message is observed in Gateway reports:
9/23/2014 4:49:40 p.m. FPSIT107E PROBTP (40037382) [0] ABORT received: 9310.
9/23/2014 4:49:40 p.m. FPSIT039I E1RPRO01 (191494) [0] connection interrupted with PROBTP.
9/23/2014 4:49:40 p.m. SUP011W SI2MMALAKOFFPESITE_EXT (0) connection abort indication: reason = "160 Connection ABORT" /prot.diag="310, Network fault "/ error = 0.
Resolution
Gateway has a specific TLS option within its TLS Security Profile which controls the packet protocol header policy, which by default is set to 'Unused'. The option is called 'Protocol packet header policy in TLS' which has three possible values 'Unused' (Default) 'Used' and 'Detect'.When Gateway is setup to exchange files with SecureTransport the 'Protocol packet header policy in TLS" must be set to either 'Used' or 'Detect' for both server and client TLS profiles for the transfers to work successfully.
In order to set the 'Protocol packet header policy in TLS' navigate to 'Security Management->Transfer Security Management->Security Profile->TLS Profile then select 'Details' and find the 'Protocol packet header policy in TLS' at the bottom.
Related articles:
https://support.axway.com/kb/72344/language/en
https://support.axway.com/kb/173207/language/en