TLS stops working at POA 18.4.2


Recently updated a customer that was still running GW18.4.1 to 18.4.2.

A few days later, they called me, and GW Web stopped working with "Unable to communicate with server", and GMS also showed communication errors with one POA (which is the default one configured in GW Web).

After a little digging, I found out that while all ports of the POA (including 7191) were listening, I would not get a certificate when trying to connect to them:

openssl s_client -connect gw01.undisclosed.dom:7191
140188125603472:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 293 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Protocol : TLSv1.2
Cipher : 0000
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1674562396
Timeout : 300 (sec)
Verify return code: 0 (ok)

Now, as we all know, in GW18.4.2, soap runs on its own POA process now, and that process is also listening on port 17191 (when the main soap port is configured for 7191):

Oddly enough, I still *could* get a proper certificate on port 17191, but not on 7191.

A simple restart of the problem POA fixed the issue, but this is not good. There has been nothing in the poa logs that I'd identify as an error. The POA also wasn't restarted, it simply stopped properly handling TLS in the middle of the day for no apparent reason.

Is this a known one? Anybody else?
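
Added example, not part of the original post: a monitoring check for the failure described above, where a POA port still accepts TCP connections but no longer returns a certificate. The function names (classify_handshake, probe_port, check_poa) are hypothetical, and the sample text is taken from the openssl output quoted in the post.

```shell
#!/bin/sh
# Tells "port is listening" apart from "TLS handshake returns a certificate".

# Lines from the s_client output quoted in the post (failure on port 7191).
PAGE_SAMPLE='140188125603472:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
no peer certificate available
SSL handshake has read 0 bytes and written 293 bytes'

# Read captured `openssl s_client` output on stdin and print one state:
#   ok               server certificate was presented
#   not_listening    TCP connect failed
#   listening_no_tls TCP connected, but no certificate came back
#   unknown          nothing recognisable (for example an empty capture)
classify_handshake() {
  ch_out=$(cat)
  if printf '%s\n' "$ch_out" | grep -q -- '-----BEGIN CERTIFICATE-----'; then
    echo ok
  elif printf '%s\n' "$ch_out" | grep -qiE 'connection refused|connect:errno'; then
    echo not_listening
  elif printf '%s\n' "$ch_out" | grep -qE 'CONNECTED\(|no peer certificate available'; then
    echo listening_no_tls
  else
    echo unknown
  fi
}

# Probe one host:port; the 10 second limit covers a server that accepts and then stalls.
probe_port() {
  timeout 10 openssl s_client -connect "$1:$2" </dev/null 2>&1 | classify_handshake
}

# Usage: check_poa HOST PORT...   Returns non-zero if any port is not "ok".
check_poa() {
  cp_host=$1; shift
  cp_rc=0
  for cp_port in "$@"; do
    cp_state=$(probe_port "$cp_host" "$cp_port")
    echo "$cp_host:$cp_port $cp_state"
    [ "$cp_state" = ok ] || cp_rc=1
  done
  return "$cp_rc"
}

# Run as: sh poa-tls-check.sh --check gw01.undisclosed.dom 7191 17191
if [ "${1:-}" = "--check" ]; then shift; check_poa "$@"; fi
```

Run from cron or a monitoring agent, the non-zero exit status and the per-port state line show which POA process stopped answering TLS, which a plain port-open check would miss.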