We have recently implemented the CA-CCI maintenance in support of TLS 1.2.
The maintenance is currently on several sand-boxes, we have the problem with test system and all its updated connections.
Note that SWER connects to all non-updated systems fine.
This on SWER for all updated systems:
CAS9899E Task 18 Error: SSL function gsk_secure_socket_init
CAS9899E Task 18 Error: SSL function rc = 467 ->
CAS9899E Task 18 Error: Signature algorithm not in signature algorithm pairs list
CAS9861I Task 18 closing (901.987.654.321):2189.
CAS9861I Task 18 delivered 2 packets, 694 bytes.
CAS9899W Task 7 Heart Beat Timeout with MVSN
CAS9899I Task 7 Connection with MVSN still active
CAS9899E Task 7 Error: SSL function gsk_secure_socket_read
CAS9899E Task 7 Error: SSL function rc = 420 ->
CAS9899E Task 7 Error: Socket closed by remote partner
CAS9899E Task 7 Error: SSL I/O ErrNo = 1121 ->
CAS9899E Task 7 Error: EDC8121I Connection reset.
CAS9603I - CAICCI SWER DISCONNECT FROM CAICCI MVSN
This on the remote side:
CAS9899E Task 5 Error: SSL function gsk_secure_socket_init
CAS9899E Task 5 Error: SSL function rc = 438 ->
CAS9899E Task 5 Error: Internal error reported by remote partner
CAS9861I Task 5 closing SWER(123.456.789.01):21721.
CAS9861I Task 5 delivered 2 packets, 694 bytes.
CAS9855I Task 7 has connection from SWER(123.456.789.01):1433
CAS9855I Task 7 has connection from SWER(123.456.789.01):1438
6 Requested cipher_spec(s) = 002F00350038003900320033, Len = 24
CAS9899E Task 7 SWER(123.456.789.01):1438 has no certificate.
CAS9861I Task 7 closing SWER(123.456.789.01):1438.
CAS9861I Task 7 delivered 2 packets, 694 bytes.
Same behavior seen on each remote.
IBM and their analysis pointed at the CERT as being the issue.
In gathering the information there were other attached certificates in the keyring that should not have been there.
They cleaned this up and it corrected the issue.