clara | Posts: 5

Whitelist

0 votes
Hello, We have been having troubles connecting to OneSpan Sandbox API. We receive the following error when we run the curl command: * TCP connection reset by peer In the logs (Java): Caused by: java.net.SocketException: Connection reset at java.net.SocketInputStream.read(SocketInputStream.java:209) ~[?:1.8.0_112] at java.net.SocketInputStream.read(SocketInputStream.java:141) ~[?:1.8.0_112] at sun.security.ssl.InputRecord.readFully(InputRecord.java:465) ~[?:1.8.0_112] at sun.security.ssl.InputRecord.read(InputRecord.java:503) ~[?:1.8.0_112] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) ~[?:1.8.0_112] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_112] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_112] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:1.8.0_112] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290) ~[httpclient-4.3.6.jar:4.3.6] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259) ~[httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125) ~[httpclient-4.3.6.jar:4.3.6] Does our server need to be added to a OneSpan whitelist? Thanks!

Duo_Liang | Posts: 3776

Reply to: Whitelist

0 votes
Hi Clara, Unless you has configured two-way SSL at OneSpan Sign side, you don't need to add your server's IP address to our whitelist. From the error trace, it looks like an SSL issue: required to use TLS 1.1 or later. For this connection issue, are you deploying to a new server or it occurred all of a sudden? And could you provide me with some sample codes demonstrating how you invoked the Curl command from Java? Any API Call will be enough. Duo

clara | Posts: 5

Reply to: Whitelist

0 votes
Thanks for the quick reply, Duo. We are not using two-way SSL. We just deployed our Java application to another server in preparation for our upcoming release and ran into the 'connection reset' issue. This environment is using TLS 1.2, is that supported with OneSpan? The curl command was not invoked from Java, but rather command-line on the server itself. But we received the same 'connection reset' error on both (ie. command-line and Java application with the Java OneSpan SDK).

Duo_Liang | Posts: 3776

Reply to: Whitelist

0 votes
Hi Clara, Now I understand your scenario. TLS 1.2 is supported and actually recommended to be used by OneSpan Sign. When you were troubleshooting with Curl, could you add a "-v" parameter enabling the debug, I will send you the detailed Curl command by email. Because instead of adding your certificate at OSS side, your server actually need to trust OneSpan Sign's CA's certificate (GlobalSign Root CA - R1), debugging info will tell you where to find the cURL CA bundle and you can check there. Duo

Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off