KB Article #177990

SSL Handshake is completed, then, the connection fails.

Problem

SSL Handshake is completed, then, the connection fails

Requester side errors:

CFTH13E FPDU Remote reject <PART=MyPart DIAGI=730 DIAGP=RCO 399>

CFTT75E connect reject <IDTU=Z0000ZBT PART=MyPart IDM=MyIDM IDT=F0714363 730 RCO 399>

Server side errors:

CFTT48E Server session rejected <PART=MyPart SSL=MyPartSSL reason=VERIFY>

CFTH22E NPART=MyPart rejected DIAGI=260

Resolution

The main issue is highlighted in the message CFTT48E where the reason is VERIFY

There is a conflict concerning the VERIFY parameter on the server.

The VERIFY parameter in CFTSSL attached to the CFTPROT is set to OPTIONAL while it is set to REQUIRED in the CFTSSL server attached to the CFTPART.

If the VERIFY is set to OPTIONAL in the CFTSSL attached to the CFTPROT, it cannot be other than OPTIONAL or NONE in CFTSSL server. (and definitely not set to REQUIRED).

Affected OS

win-x86-64

win-x86-32

win-ia64-64

vms-ia64

vms-alpha

uxw-x86-32

tru64-alpha-64

sun-x86-64

sun-x86-32

sun-sparc-64

sun-sparc-32

sco-x86-32

os2200

linux-x86-64

linux-x86-32

linux-s390-64

linux-s390-32

linux-ia64-64

irix-mips-64

hpux-parisc-64

hpux-parisc-32

hpux-ia64-64

hpnonstop-x86-32

hpnonstop-ia64-32

aix-power-64

aix-power-32

Windows 3/95/98

Vse

Vos

Vms Itanium

Vms Alpha

Vms

Utower

UnixWare

Unisys

Ultrix

Ulsx6500

Ulsx5000

U6000

U3000

Tunix

Tru64

TI1500

Spix

Sinix

Sco

Qnx

Os2

OS400

Numa-Q

Netware

Mvs

MS/DOS

Linux z/Series

Linux Station x86

Linux Station Itanium

Guardian Itanium

Guardian

Gcos8

Gcos7

Gcos6

Ctos

Bs2000

Bos

Aviion

...Other

Problem

Resolution

Still need help?