ERROR: "XCOMU0297E Error requesting header confirmation" certificate error
search cancel

ERROR: "XCOMU0297E Error requesting header confirmation" certificate error

book

Article ID: 270995

calendar_today

Updated On:

Products

XCOM Data Transport

Issue/Introduction

After installing XCOM r.12 on a New RHEL8 system, we receive following Error:

 /opt/CA/XCOM/bin/xcomtcp -c1 -f loop4.cnf
 TID=000003 [/home/tmp/input.txt --> /home/tmp/newfile at 127.0.0.1]
 XCOMU0029I Locally initiated transfer started.
 XCOMU0297E Error requesting header confirmation: Txpi  227: Socket received 0 bytes: partner closed socket. Last error: 0

========================================

curl -vvv https://localhost:8045   

* Rebuilt URL to: https://localhost:8045/

*   Trying ::1...

* TCP_NODELAY set

* connect to ::1 port 8045 failed: Connection refused

*   Trying 127.0.0.1...

* TCP_NODELAY set

* Connected to localhost (127.0.0.1) port 8045 (#0)

* ALPN, offering h2

* ALPN, offering http/1.1

* successfully set certificate verify locations:

*   CAfile: /etc/pki/tls/certs/ca-bundle.crt

  CApath: none

* TLSv1.3 (OUT), TLS handshake, Client hello (1):

* TLSv1.3 (IN), TLS handshake, Server hello (2):

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (IN), TLS handshake, Request CERT (13):

* TLSv1.2 (IN), TLS handshake, Server finished (14):

* TLSv1.2 (OUT), TLS handshake, Certificate (11):

* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):

* TLSv1.2 (OUT), TLS handshake, Finished (20):

* TLSv1.2 (IN), TLS alert, handshake failure (552):

* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

* Closing connection 0

curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

Environment

  • XCOMâ„¢ Data Transport® for Linux PC 12.0
  • RHEL 8

Cause

Concerning sslv3 alert handshake failure, XCOM 12.0 has enabled TLS V1.2 and disabled the older ones.

Resolution

 We do not recommend using TLSv1.1, TSLv1.0, or SSLv3 because they are less secure. 

However if you must use the older ones, here are instructions about enabling them.

Enable Older SSL and TLS Protocols

You need to look at the $XCOM_HOME/config/configssl.cnf file to see what protocols and ciphers are configured. 

[SSL_OPTION], [SSL_METHOD], and [CIPHER] sections can provide you with the information. 

Are you using the "SECURE_SOCKET=YES" and "PORT=8045" in your loop4.cnf file? 

If possible, run the command again, but with an additional XTRACE=10 like below, and send us the trace file. 

  • /opt/CA/XCOM/bin/xcomtcp -c1 -f loop4.cnf XTRACE=10

You can locate the trace file at /opt/CA/XCOM/trace directory with the name <TID>.tra

Powered by Wolken Software