OpenEdge连接到REST被拒绝的错误代码10061 – 证书/密码或其他什么?

huangapple go评论64阅读模式
英文:

OpenEdge connection to REST refused error code 10061 - certs/ciphers or something else?

问题

I'm trying to use OpenEdge 11.7.10 to connect to a service but hitting some sort of server refusal...

Secure Socket Layer (SSL) failure. error code 10061: Unknown network error (9318),Connection failure for host xxxxx.azure-api.net port 443 transport TCP. (9407)

If i view the target https security info via chrome/edge i see...

TLS 1.2
ECDHE_RSA with P-384
and AES_256_GCM

These names don't quite match up with the ones available to ABL that i found in the docs here:

https://docs.progress.com/bundle/openedge-abl-develop-http-clients/page/Configure-TLS-security-settings.html and https://docs.progress.com/bundle/openedge-security-and-auditing/page/Supported-protocols-ciphers-and-certificates-for-OpenEdge-clients-and-servers.html

...so I'm not sure how to specify the required cipher.
so i added all the ones i could just to try and get it working initially, but no joy...

ASSIGN cTLSProtocols[1] = 'TLSv1.2'
cTLSCiphers[1] = 'AES128-SHA256'
cTLSCiphers[2] = 'DHE-RSA-AES128-SHA256'
cTLSCiphers[3] = 'AES128-GCM-SHA256'
cTLSCiphers[4] = 'DHE-RSA-AES128-GCM-SHA256'
cTLSCiphers[5] = 'ADH-AES128-SHA256'
cTLSCiphers[6] = 'ADH-AES128-GCM-SHA256'
cTLSCiphers[7] = 'ADH-AES256-SHA256'
cTLSCiphers[8] = 'AES256-SHA256'
cTLSCiphers[9] = 'DHE-RSA-AES256-SHA256'
cTLSCiphers[10] = 'AES128-SHA'
cTLSCiphers[11] = 'AES256-GCM-SHA384'
cTLSCiphers[12] = 'DHE-RSA-AES256-GCM-SHA384'
.

The P-384 looks like what OpenEdge refers to as a tlsGroup but i don't think i can specify on the version i'm on.

i.e. :TlsSupportedGroups(tlsGroup) throws an error / doesn't exist as a method.

Any ideas if the ciphers are the issue or perhaps I'm barking up the wrong tree.

NB. I've imported the required certs into DLC/certs etc.

英文:

I'm trying to use OpenEdge 11.7.10 to connect to a service but hitting some sort of server refusal...

Secure Socket Layer (SSL) failure. error code 10061: Unknown network error (9318),Connection
failure for host xxxxx.azure-api.net port 443 transport TCP. (9407)

If i view the target https security info via chrome/edge i see...

TLS 1.2
ECDHE_RSA with P-384
and AES_256_GCM

These names don't quite match up with the ones available to ABL that i found in the docs here:

https://docs.progress.com/bundle/openedge-abl-develop-http-clients/page/Configure-TLS-security-settings.html and
https://docs.progress.com/bundle/openedge-security-and-auditing/page/Supported-protocols-ciphers-and-certificates-for-OpenEdge-clients-and-servers.html

...so I'm not sure how to specify the required cipher.
so i added all the ones i could just to try and get it working initially, but no joy...

ASSIGN cTLSProtocols[1] = 'TLSv1.2'
   cTLSCiphers[1]  = 'AES128-SHA256'
   cTLSCiphers[2]  = 'DHE-RSA-AES128-SHA256'
   cTLSCiphers[3]  = 'AES128-GCM-SHA256'
   cTLSCiphers[4]  = 'DHE-RSA-AES128-GCM-SHA256'
   cTLSCiphers[5]  = 'ADH-AES128-SHA256'
   cTLSCiphers[6]  = 'ADH-AES128-GCM-SHA256'
   cTLSCiphers[7]  = 'ADH-AES256-SHA256'
   cTLSCiphers[8]  = 'AES256-SHA256'
   cTLSCiphers[9]  = 'DHE-RSA-AES256-SHA256'
   cTLSCiphers[10] = 'AES128-SHA'
   cTLSCiphers[11] = 'AES256-GCM-SHA384'
   cTLSCiphers[12] = 'DHE-RSA-AES256-GCM-SHA384'
   .

The P-384 looks like what OpenEdge refers to as a tlsGroup but i don't think i can specify on the version i'm on.

i.e. :TlsSupportedGroups(tlsGroup) throws an error / doesn't exist as a method.

Any ideas if the ciphers are the issue or perhaps I'm barking up the wrong tree.

NB. I've imported the required certs into DLC/certs etc.

答案1

得分: 1

你可以启用SSL/TLS调试(参见https://community.progress.com/s/article/P121819),这对于调试可能会有帮助。

顺便说一下,11.7版本支持的密码列表在https://docs.progress.com/bundle/openedge-security-auditing-introduction-117/page/Supported-protocols-ciphers-and-certificates-for-Progress-OpenEdge-clients-and-servers.html。

英文:

You can enable SSL/TLS debugging (see https://community.progress.com/s/article/P121819) which can be helpful for debugging.

FWIW, the list of supported ciphers for 11.7 are at https://docs.progress.com/bundle/openedge-security-auditing-introduction-117/page/Supported-protocols-ciphers-and-certificates-for-Progress-OpenEdge-clients-and-servers.html .

huangapple
  • 本文由 发表于 2023年6月26日 23:20:23
  • 转载请务必保留本文链接:https://go.coder-hub.com/76558066.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定