Troubleshooting AS2 connection problems - TCP RST being sent after TLS handshake










1















I've got an AS2 server application (RSSBus) running in IIS 7.5 on Windows Server 2008 R2. I have a few active connections that work fine over HTTP, but none that are working over HTTPS. There are two different trading partners where I have tried to establish an HTTPS connection, but they fail and the error messages I receive from them are very similar. Note that I have a valid SSL certificate configured for the domain I am using and I am confident that is working just fine.



The errors I'm receiving from my trading partners lead me to believe the problem is a configuration error on my end, but I haven't been able to figure out the problem.



Below is one of the errors (I've redacted some identifying information):



2018/10/30 16:38:33 Run: type="API"
2018/10/30 16:38:35 Detail: "Using proxy http://xxxxxxxx:8080..." level=1
2018/10/30 16:38:35 Result: "Success" "Return status=0"
2018/10/30 16:38:35 Detail: "Connecting to https://www.yyyyyyyy.com:443..."
2018/10/30 16:38:35 File: source="/edi/mft/harmony/sendtest/sendTest_X12" direction="Local->Host" number=1 of 1 fileSize=529 fileTimeStamp=2018/10/30 16:38:35 transferID="AS2-20181030_163835722-J" docDBTransferID="37ede9ac-a23d-4ed6-85bc-879d4939a04f"
2018/10/30 16:38:35 HTTP: "POST /rssbus/pub/Receive.rsb"
2018/10/30 16:38:35 Detail: "AS2-From: SenderAS2Id, AS2-To: ReceiverAS2Id, Subject: EDIINTDATA, Content-Type: X12"
2018/10/30 16:38:35 Detail: "Sending signed and encrypted [TripleDES] message to ReceiverAS2Id..." level=1
2018/10/30 16:38:44 Exception: "java.io.EOFException: Connection closed by remote host.
at iaik.security.ssl.Utils.a(SourceFile:291)
at iaik.security.ssl.ab.b(SourceFile:452)
at iaik.security.ssl.ab.e(SourceFile:374)
at iaik.security.ssl.y.f(SourceFile:365)
at iaik.security.ssl.n.b(SourceFile:729)
at iaik.security.ssl.n.a(SourceFile:1509)
at iaik.security.ssl.y.d(SourceFile:784)
at iaik.security.ssl.SSLTransport.startHandshake(SourceFile:569)
at iaik.security.ssl.SSLSocket.startHandshake(SourceFile:386)
at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:3094)
at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java:2910)
at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java:2702)
at HTTPClient.HTTPConnection.Post(HTTPConnection.java:1148)
at com.cleo.lexicom.protocols.http.HTTP.post(HTTP.java:750)
at com.cleo.lexicom.beans.as2bean.HttpSender.prepareToSend(HttpSender.java:206)
at com.cleo.lexicom.beans.as2bean.SMimeClient.sendSignedThenCompressedAndEncryptedMessage(SMimeClient.java:2163)
at com.cleo.lexicom.beans.as2bean.SMimeClient.sendMessage(SMimeClient.java:364)
at com.cleo.lexicom.beans.as2bean.AS2Action.post(AS2Action.java:398)
at com.cleo.lexicom.beans.httpbean.HttpAction.issue(HttpAction.java:2602)
at com.cleo.lexicom.beans.httpbean.HttpAction.put(HttpAction.java:1139)
at com.cleo.lexicom.beans.httpbean.HttpAction.put(HttpAction.java:890)
at com.cleo.lexicom.beans.httpbean.HttpAction.putFile(HttpAction.java:846)
at com.cleo.lexicom.beans.httpbean.HttpAction.putFile(HttpAction.java:800)
at com.cleo.lexicom.beans.httpbean.HttpAction.putFileLoop(HttpAction.java:704)
at com.cleo.lexicom.beans.httpbean.HttpAction.put(HttpAction.java:614)
at com.cleo.lexicom.beans.httpbean.HttpAction.macroCommand(HttpAction.java:461)
at com.cleo.lexicom.beans.LexActionBean.executeCommand(LexActionBean.java:4199)
at com.cleo.lexicom.beans.LexActionBean$LexBeanRunCommand.run(LexActionBean.java:4315)
at java.lang.Thread.run(Thread.java:748) "
2018/10/30 16:38:44 Hint: "Host did not send a complete response before closing connection."
2018/10/30 16:38:44 Result: "Exception" "java.io.EOFException: Connection closed by remote host."
2018/10/30 16:38:44 End


I've run Wireshark during this connection test and I see that it goes through the normal connection process, but after I see "Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message" from the sender to my server, my server sends back [RST, ACK], as shown below:



Wireshark screenshot



I've looked at the connection timeout setting on my AS2 server and it's set to 60 seconds, which I believe is plenty long enough, and judging by the timestamps above, the reset is being sent almost immediately.



On my server, I have used the application IIS Crypto to enable only the "best practices" Protocols (TLS 1.0,1.1,1.2), Ciphers (3DES 168, AES 128/128, AES 256/256), Hashes (MD5, SHA, SHA 256, SHA 384, SHA 512), and Key Exchanges (Diffie-Hellman, PKCS, ECDH). It's possible that I have disabled something that my trading partners are using, but I know they're both using TLS 1.2 and I saw a Diffie-Hellman key in the Wireshark information, so I don't think that's the case either. However, my knowledge of this is very limited so I could be way off.



I'm really just trying to figure out where to look next. Is there something in Wireshark that I can use to figure out the problem? I've tried examining some of the frames, but haven't seen anything that's helped me much yet.



Note that the same exact connection test succeeds when I switch from HTTPS to HTTP. That success test can be viewed below:



2018/10/30 16:28:37 Run: type="API"
2018/10/30 16:28:38 Detail: "Using proxy http://xxxxxx:8080..." level=1
2018/10/30 16:28:38 Result: "Success" "Return status=0"
2018/10/30 16:28:38 Detail: "Connecting to http://www.yyyyyyy.com:80..."
2018/10/30 16:28:38 File: source="/edi/mft/harmony/sendtest/sendTest_X12" direction="Local->Host" number=1 of 1 fileSize=529 fileTimeStamp=2018/10/30 16:28:38 transferID="AS2-20181030_162838070-J" docDBTransferID="d621b86f-0600-46bb-ac12-3cb5bb9e6203"
2018/10/30 16:28:38 HTTP: "POST /rssbus/pub/Receive.rsb"
2018/10/30 16:28:38 Detail: "AS2-From: SenderAS2Id, AS2-To: ReceiverAS2Id, Subject: EDIINTDATA, Content-Type: X12"
2018/10/30 16:28:38 Detail: "Sending signed and encrypted [TripleDES] message to ReceiverAS2Id..." level=1
2018/10/30 16:28:38 Detail: "Waiting for response..." level=1
2018/10/30 16:28:38 File: source="MDN" direction="Host->Local" destination="AS2/mdn/xxxxx/received/CLEO-20181030_212838173-44K62B@08925485US00_8436230-J_20181030-162838.mdn" number=1 of 1
2018/10/30 16:28:38 Response: "200 OK"
2018/10/30 16:28:38 Result: "Success" "Sent and Received Message Integrity Check codes match Source file copied to '/edi/mft/data/AS2/edi/xxxxx/sentbox/sendTest_X12_HY1139-MB8931_20181030-162838'."
2018/10/30 16:28:38 End









      https tcp iis-7.5 wireshark edi














      edited Oct 31 '18 at 13:27







      Gage Trader

















      asked Oct 30 '18 at 22:34









      Gage Trader






















          1 Answer


















          0














          This question is 16 days old but I hope you're still around because you've found the right person. I deal with this kind of stuff all the time and it can be a real pain in the ass. The most important thing to remember is that although AS2 and HTTPS are insanely complicated, the actual options you have to play around with in RSSBus are pretty limited. Yes, Wireshark can help diagnose some hairy issues, but there are many other places to look before you dive into Wireshark with your fingers crossed.



          So let's start from the top, you have working HTTP connections and you're confident that the issues you're having are related to SSL.



          What exactly is it you're trying to do? It looks like you're trying to send files to the HTTPS URL of your partner, and you get the "Connection closed by remote host" from both partners. Can you receive files from them?



          I'm going to take a wild Hail Mary guess here and say that maybe the problem is incompatible SSL/TLS. RSSBus actually uses Windows Schannel for SSL, it is not built into the software (this is true for most AS2 software, they'd be silly not to). So your SSL capabilities are bound by Windows Server 2008 R2. So let's look it up: https://docs.microsoft.com/en-us/windows/desktop/secauthn/protocols-in-tls-ssl--schannel-ssp-



          What does it say for 2008 R2? Only TLS 1.0 is enabled by default. TLS 1.1 and 1.2 are disabled. So unless you've enabled these manually, during the SSL handshake your trading partner's server asks for TLS 1.2, and your Windows Server 2008 R2 says no thanks it's disabled, bye, connection closed. You're probably thinking "But Tom, I can see the TLS 1.2 box ticked in RSSBus!". My answer is "Get baited kid" because that's essentially what RSSBus told me (although their support team really is quite knowledgeable).



          How do you enable these? I dunno really, I've never done it successfully because I was using even older operating systems when I ran into this issue. I ended up moving to Windows 10 and calling it a day (this caused a problem with another trading partner's SSLv2, but that's another story). It shouldn't be too hard though, give it a Google and let me know how you go.
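
One way to check what Schannel is actually configured to offer on the server, independent of any checkbox in the AS2 software (an added example, not part of the original answer and not RSSBus or IIS Crypto code). It only reads the registry; the default table assumes Windows Server 2008 R2 as described in the answer, and the function name is hypothetical.

```powershell
# Read-only audit of the Schannel protocol switches; nothing is modified.
# Written for Windows PowerShell 2.0, which ships with Server 2008 R2.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Assumption taken from the answer above: on Server 2008 R2, with nothing set
# in the registry, only TLS 1.0 is on and TLS 1.1 / 1.2 are off.
$osDefault = @{ 'TLS 1.0' = $true; 'TLS 1.1' = $false; 'TLS 1.2' = $false }

function Get-SchannelProtocolState {
    param(
        [string]$Protocol,   # e.g. 'TLS 1.2'
        [string]$Role        # 'Server' = inbound (IIS), 'Client' = outbound
    )

    $key = "$base\$Protocol\$Role"
    $enabled = $null
    $disabledByDefault = $null

    if (Test-Path -Path $key) {
        $item = Get-ItemProperty -Path $key
        # A missing value comes back as $null, which is distinct from 0.
        $enabled = $item.Enabled
        $disabledByDefault = $item.DisabledByDefault
    }

    if ($null -ne $enabled -and $enabled -eq 0) {
        $verdict = 'OFF (Enabled = 0)'
    }
    elseif ($null -ne $disabledByDefault -and $disabledByDefault -ne 0) {
        $verdict = 'OFF by default (DisabledByDefault is non-zero)'
    }
    elseif ($null -ne $enabled -and $null -ne $disabledByDefault) {
        # Enabled is non-zero and DisabledByDefault is 0: explicitly switched on.
        $verdict = 'ON (explicitly enabled)'
    }
    elseif ($osDefault[$Protocol]) {
        $verdict = 'ON (OS default; registry values missing or incomplete)'
    }
    else {
        $verdict = 'OFF (OS default; registry values missing or incomplete)'
    }

    New-Object PSObject -Property @{
        Protocol          = $Protocol
        Role              = $Role
        Enabled           = $enabled
        DisabledByDefault = $disabledByDefault
        Verdict           = $verdict
    }
}

$rows = foreach ($p in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($r in 'Server', 'Client') {
        Get-SchannelProtocolState -Protocol $p -Role $r
    }
}

$rows | Format-Table Protocol, Role, Enabled, DisabledByDefault, Verdict -AutoSize
```

A TLS 1.2 row that reports OFF for the role in use matches the failure mode the answer describes; compare the output with the protocol version shown in the Client Hello and Server Hello of the capture.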






          share|improve this answer
























            Your Answer






            StackExchange.ifUsing("editor", function ()
            StackExchange.using("externalEditor", function ()
            StackExchange.using("snippets", function ()
            StackExchange.snippets.init();
            1 Answer
This question is 16 days old but I hope you're still around because you've found the right person. I deal with this kind of stuff all the time and it can be a real pain in the ass. The most important thing to remember is that although AS2 and HTTPS are insanely complicated, the actual options you have to play around with in RSSBus are pretty limited. Yes, Wireshark can help diagnose some hairy issues, but there are many other places to look before you dive into Wireshark with your fingers crossed.

So let's start from the top: you have working HTTP connections and you're confident that the issues you're having are related to SSL.

What exactly is it you're trying to do? It looks like you're trying to send files to the HTTPS URL of your partner, and you get the "Connection closed by remote host" from both partners. Can you receive files from them?

I'm going to take a wild Hail Mary guess here and say that maybe the problem is incompatible SSL/TLS. RSSBus actually uses Windows Schannel for SSL, it is not built into the software (this is true for most AS2 software, they'd be silly not to). So your SSL capabilities are bound by Windows Server 2008 R2. So let's look it up: https://docs.microsoft.com/en-us/windows/desktop/secauthn/protocols-in-tls-ssl--schannel-ssp-

What does it say for 2008 R2? Only TLS 1.0 is enabled by default. TLS 1.1 and 1.2 are disabled. So unless you've enabled these manually, during the SSL handshake your trading partner's server asks for TLS 1.2, and your Windows Server 2008 R2 says no thanks it's disabled, bye, connection closed. You're probably thinking "But Tom, I can see the TLS 1.2 box ticked in RSSBus!". My answer is "Get baited kid" because that's essentially what RSSBus told me (although their support team really is quite knowledgeable).

How do you enable these? I dunno really, I've never done it successfully because I was using even older operating systems when I ran into this issue. I ended up moving to Windows 10 and calling it a day (this caused a problem with another trading partner's SSLv2, but that's another story). It shouldn't be too hard though, give it a Google and let me know how you go.
answered Nov 16 '18 at 3:22, edited Dec 14 '18 at 0:00

Tom Bryant
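The answer above points at the Schannel protocol defaults on Windows Server 2008 R2. As an added example (not part of the original answer and not RSSBus code), this read-only PowerShell audit reports what the Schannel registry currently says for each protocol and role, so the RSSBus checkbox can be compared against the OS setting. The registry path and the `Enabled` / `DisabledByDefault` value names are the standard Schannel settings; the function name `Get-SchannelProtocolState` is made up for this example.

```powershell
# Added example: read-only audit of Schannel protocol settings.
# Written to run on PowerShell 2.0, which ships with Windows Server 2008 R2.
$SchannelBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {   # hypothetical helper name
    param(
        [string[]]$Protocol = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'),
        [string[]]$Role     = @('Client', 'Server')
    )
    foreach ($p in $Protocol) {
        foreach ($r in $Role) {
            $key = Join-Path (Join-Path $SchannelBase $p) $r
            $enabled = $null
            $disabledByDefault = $null
            if (Test-Path $key) {
                $props = Get-ItemProperty -Path $key
                if ($null -ne $props) {
                    if ($props.PSObject.Properties['Enabled']) { $enabled = $props.Enabled }
                    if ($props.PSObject.Properties['DisabledByDefault']) {
                        $disabledByDefault = $props.DisabledByDefault
                    }
                }
            }
            # Absent values mean the OS default decides; per the answer above,
            # the 2008 R2 default leaves TLS 1.1 and TLS 1.2 off.
            if (($null -eq $enabled) -and ($null -eq $disabledByDefault)) {
                $state = 'not set (OS default applies)'
            } elseif (($null -ne $enabled) -and ($enabled -eq 0)) {
                $state = 'disabled'
            } elseif (($null -ne $disabledByDefault) -and ($disabledByDefault -ne 0)) {
                $state = 'off unless the application requests it'
            } else {
                $state = 'enabled'
            }
            New-Object PSObject -Property @{
                Protocol = $p; Role = $r; Enabled = $enabled
                DisabledByDefault = $disabledByDefault; State = $state
            }
        }
    }
}

Get-SchannelProtocolState |
    Select-Object Protocol, Role, Enabled, DisabledByDefault, State |
    Format-Table -AutoSize
```

The Client rows govern outbound connections to a partner and the Server rows govern inbound connections through IIS. Schannel reads these values at startup, so a change to them only shows up after a reboot.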




























