TLS v1.2 Not Working with my EXTRA! X-treme 9.6

We want to use TLS v1.2 for our EXTRA! X-treme 9.6.  When we try to connect with the Security Type set to TLS v1.2, we only get the lightning 501 message at the bottom of the screen.  Here is how we set up the Configure Connection screen:

Our network guys ran a trace and found the following communication between the client and server:

 

They said that EXTRA! was not sending a "Client Hello" message to the host based on the trace above.

Can you please advise me as to what I am doing incorrectly here?

Many thanks.

  • Verified Answer

    Hi Pablo Luciano,

    I will have a closer look at this, but can you have a look at the Tools- Status app in Extra to see what the application thinks happened to this connection?  It might say something like "TLSStartSecurity returned error 9703 <Server certificate is invalid.>" or "Failed to connect to host.attachmate.com on port 823 - Error = 10060: Connection timed out."

    Regards,

    Jeff

  • When I have the Verify Server Certificate turned on, the status log says:

    - Last socket error = 0.  No error.

    -  Socket failed to connect.

    - Secure connection was requested but not granted by server 10.231.0.105 on port 6110

    - TLSStartSecurity returned error 9702 <SSL/TLS handshake failed>.

  • Pablo Luciano,

    I note that you set this connection up for TLS 1.2.  Is that the correct security type for this host and port?  Can you try configuring Extra! for TLS 1.0 and see if you get the same failure on this connection?

    Thanks,

    Jeff

  • Pablo Luciano,

    I see this is a verified answer.  Does this mean that using TLS 1.0 worked for you?  I ask because a previous comment was verified as the answer.

    Thanks,

    Jeff

  • Hello Jeff,

    Actually, I have tried all of the security type options.  The only one that works is the "No Security" option.  With TLS v1.0, I get the exact error message (i.e. error 9702).

    Sorry if I specified that the reply has been verified.  I did not mean to do so.  The issue is still pending.

    Thank you again for your assistance.

  • Pablo Luciano,

    Assuming you are not changing the port number, the fact that "No Security" works tells us that the host is not expecting a secure connection on port 6110.  It is unlikely that the host is expecting secure (TLS) and unsecure (Telnet) connections on the same port.  Please ensure that you have the correct port number to make a secure connection to the host.

    Thanks,

    Jeff B

  • Thank you very much for your response.

    I have requested our host team to check their connection settings again and provided them with a copy of your comments.  I will apprise you of their response as soon as I get it.  Many thanks again.

  • It is now working.  The root cause was identified to be from the firewall ruleset.  It did not have SSL as one of the applications allowed.  Thanks for all the help.
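
Added example, not part of the original thread and not Attachmate code: a small probe that separates the two causes discussed above, a port that is really a plaintext Telnet listener versus a port where TCP opens but the TLS handshake never completes (host TLS settings or a firewall rule). The function names and the constructed sample bytes are assumptions made for illustration.

```python
import socket
import ssl

def classify_greeting(data):
    """Classify the first bytes a server sends on a plain TCP connection."""
    if data is None:
        return "unreachable"      # TCP connect itself failed
    if not data:
        return "silent"           # no data before timeout or close
    if data[0] == 0xFF:
        return "telnet"           # IAC byte: Telnet option negotiation
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls-record"       # TLS alert/handshake record header
    return "other-plaintext"

def diagnose(tls_ok, greeting):
    """Turn the two observations into a finding for the ticket."""
    if tls_ok:
        return "TLS handshake completed: port accepts TLS"
    findings = {
        "unreachable": "port not reachable: check address, port and firewall",
        "telnet": "plaintext Telnet listener: wrong port for a TLS session",
        "silent": "TCP opens but TLS fails: check host TLS settings and firewall rules",
    }
    return findings.get(greeting, "TLS failed: unrecognized service on this port")

def probe(host, port, timeout=5.0):
    """Try a TLS handshake, then fall back to reading the plaintext greeting."""
    ctx = ssl.create_default_context()   # recent Python may refuse TLS 1.0/1.1 hosts
    ctx.check_hostname = False           # reachability probe only,
    ctx.verify_mode = ssl.CERT_NONE      # the certificate is not validated here
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return diagnose(True, "")
    except OSError:                      # ssl.SSLError and timeouts are OSError
        pass
    greeting = None
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            try:
                greeting = raw.recv(16)
            except OSError:              # read timed out or was reset
                greeting = b""
    except OSError:
        pass
    return diagnose(False, classify_greeting(greeting))

# Constructed sample: IAC DO TERMINAL-TYPE, a typical first Telnet message.
SAMPLE_TELNET_GREETING = b"\xff\xfd\x18"
```

Run `probe()` from the client workstation and again from a machine on the host's side of the firewall; differing results point at the network path rather than the emulator or the host.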