SSL Handshake Error #32

Discussions related to HTTPAPI (An HTTP Client Package for RPG programming.) http://www.scottklement.com/httpapi/
Post Reply
ronny45
Posts: 8
Joined: Wed Sep 24, 2025 7:52 pm

SSL Handshake Error #32

Post by ronny45 »

Hello Everyone,

I am trying to implement and test a simple HTTP_GET request using HTTPAPI, however Im seeing below error. I also noticed that GSKit is not installed on our machine:

Complete log:

Code: Select all

HTTPAPI Ver 1.49 released 2024-04-16                                               
NTLM Ver 1.4.0 released 2014-12-22                                                 
OS/400 Ver V7R4M0                                                                  
                                                                                   
New iconv() objects set, PostRem=1208. PostLoc=0. ProtRem=819. ProtLoc=0           
http_persist_open(): entered                                                       
http_long_ParseURL(): entered                                                      
DNS resolver retrans: 2                                                            
DNS resolver retry  : 2                                                            
DNS resolver options: x'00000136'                                                  
DNS default domain: express-scripts.com                                            
DNS server found: 10.223.255.1                                                     
DNS server found: 10.223.255.1                                                     
https_init(): entered                                                              
QSSLPCL = *TLSV1.3 *TLSV1.2 *TLSV1.1 *TLSV1                                        
SSL version 2 support disabled                                                     
SSL version 3 support disabled                                                     
Old interface to TLS version 1.0 support enabled  
TLS version 1.0 support enabled                                                        
TLS version 1.1 support enabled                                                        
TLS version 1.2 support enabled                                                        
TLS version 1.3 support enabled                                                        
initializing GSK environment                                                           
GSK Environment now available                                                          
-------------------------------------------------------------------------------------  
Dump of local-side certificate information:                                            
-------------------------------------------------------------------------------------  
Nagle's algorithm (TCP_NODELAY) disabled.                                              
SNI hostname set to: api.restful-api.dev                                               
SetError() #32: Time out during SSL handshake                                          
http_close(): entered                                             


RPGLE Code:

Code: Select all

**free                                                                                               
     ctl-opt dftactgrp(*no) option(*srcstmt) bnddir('HTTPAPI':'YAJL');                               
          // ccsid(*char: 37);                                                                       
                                                                                                     
     //dcl-s apiUrl varchar(256) inz('https://api.restful-api.dev/objects');                         
       dcl-s apiUrl varchar(256) inz('https://api.restful-api.dev/objects/7');                       
                                                                                                            
     // Data Structure for Product                                                                   
     dcl-ds DeviceDS Qualified dim(100);                                                             
         id      varchar(50);                                                                        
         name    varchar(100);                                                                       
         dcl-ds data;                                                                                
                color       varchar(50);                                                             
                capacity    varchar(50);                                                             
                capacityGB  varchar(50);                                                             
                price       varchar(50);                                                             
                year        int(10);                                                                 
                generation  varchar(20);                           
               cpuModel    varchar(50);                              
               caseSize    varchar(10);                              
               rawJson     varchar(500);                             
        end-ds;                                                      
    end-ds;                                                          
                                                                     
      /include LIBHTTP/QRPGLESRC,HTTPAPI_H                                       
                                                                     
    //dcl-pr http_string int(10) extproc('http_string');                                               
  dcl-s rc int(10);                                      
  dcl-s pResponse pointer;                               
  dcl-s response varchar(100000);                        
  dcl-s respSize int(10);                                
  dcl-s msg      char(52);                               
                                                         
 http_debug(*on: '/rahul/httpdebug.txt');               
 http_setOption('SSL_VERSION': 'TLSV1.3');                                       
 http_setOption('TCP_NODELAY': '1');                                             
 http_setOption('timeout': '60');                                                
 http_setOption('network-ccsid': '1208');                                        
 //http_setOption('Content-Type':'application/json');                            
 callp https_strict(*OFF);                                                       
                                                                                 
 rc = http_req('GET'                                                             
                   :apiURL                                                       
                   :*OMIT                                                    
                   :response);                                               
                                                                                                                                                 
 if rc <> 1;                                                                 
    msg = http_error();                                                      
    dsply msg;                                                               
    *inlr = *on;                                                             
    return;                                 

   data-into DeviceDS %data(response) %parser('YAJLINTO');        
                                                                  
     *inlr = *on;                                                 
     return;                                                         
Appreciate your help in advance.
Scott Klement
Site Admin
Posts: 925
Joined: Sun Jul 04, 2021 5:12 am

Re: SSL Handshake Error #32

Post by Scott Klement »

Please remove these two lines of code. They are options that don't exist, and aren't doing anything in your program but adding confusion:

Code: Select all

 http_setOption('SSL_VERSION': 'TLSV1.3');                                       
 http_setOption('TCP_NODELAY': '1');                                             
The error says that it is timing out during SSL handshake. SSL handshake occurs after the connection is made, but before any data is exchanged. During this step, the server and client each tell each other what types of SSL parameters they want to use.

If that worked successfully, you wouldn't get a time out.

However, normally, when it fails you get an error explaining what failed. You don't just get a timeout error. This tells me that something is going wrong... either the network connection is freezing up somehow, or some error is occurring inside the operating system (not in HTTPAPI) that is causing the code to stop responding.

GSKit is part of the operating system. What do you mean when you tell me it is not installed? Please tell me which of the following licensed program options (these all come with the OS) are or aren't installed:
  • Digital Certificate Manager opt 34 of IBM i. (57xx-SS1)
  • TCP/IP Connectivity Utilities (57xx-TC1)
  • IBM HTTP server for iSeries (57xx-DG1)
  • IBM Crypto Access Provider (57xx-NAE)
  • IBM Developer Kit for Java (57xx-JV1).
ronny45
Posts: 8
Joined: Wed Sep 24, 2025 7:52 pm

Re: SSL Handshake Error #32

Post by ronny45 »

Thank you so much for your response Scott. Regarding GSKit, I was researching the issue using AI Tools and it suggested to validate if GSKit is installed using below command in QSH:

Code: Select all

                                                       QSH Command Entry                          
                                                                                                  
 $                                                                                                
 cd /QOpenSys/usr/bin                                                                             
 $                                                                                                
 gsk8ver                                                                                          
 qsh: 001-0019 Error found searching for command gsk8ver. No such path or directory.              
 $                                                                                                
 gsk8ver_64                                                                                       
 qsh: 001-0019 Error found searching for command gsk8ver_64. No such path or directory.           
 $                   


Here is the items from Software Resources:

5770SS1 34 5050 Digital Certificate Manager
5770SS1 34 2924 Digital Certificate Manager
----------------------------------
5770TC1 *BASE 5050 IBM TCP/IP Connectivity Utilities for i
5770TC1 *BASE 2924 IBM TCP/IP Connectivity Utilities for i
----------------------------------
5770DG1 *BASE 5050 IBM HTTP Server for i
5770DG1 *BASE 2924 IBM HTTP Server for i
----------------------------------
5770NAE *BASE 5050 Network Authentication Enablement
5770NAE *BASE 2924 Network Authentication Enablement
----------------------------------
5770JV1 16 5116 Java SE 8 32 bit
5770JV1 17 5117 Java SE 8 64 bit
Scott Klement
Site Admin
Posts: 925
Joined: Sun Jul 04, 2021 5:12 am

Re: SSL Handshake Error #32

Post by Scott Klement »

I've never heard of gsk8ver, and the fact that you're running it in PASE makes me think it is for a UNIX (Linux or AIX) version of GSKit, not for the native IBM i one. I don't think there's something similar on IBM i, aside from checking which licensed program options you have installed.

At any rate, you have it installed. Which makes sense, since you didn't get any errors about the components not being there.

So now... on to trying to solve the timeout error...

Is it possible that you have a corporate proxy or firewall that could be blocking an outgoing connection from your IBM i to the API server?
ronny45
Posts: 8
Joined: Wed Sep 24, 2025 7:52 pm

Re: SSL Handshake Error #32

Post by ronny45 »

Hi Scott,

Yes you are right, there is a corporate policy that was blocking my API Calls. I tried an internal API that successfully returned a Token using HTTP_REQ.

Thank you so much.
Post Reply