OpenEdge connection to REST refused error code 10061 - certs/ciphers or something else?
Question
I'm trying to use OpenEdge 11.7.10 to connect to a service but hitting some sort of server refusal...
Secure Socket Layer (SSL) failure. error code 10061: Unknown network error (9318),Connection failure for host xxxxx.azure-api.net port 443 transport TCP. (9407)
If I view the target HTTPS security info via Chrome/Edge I see...
TLS 1.2
ECDHE_RSA with P-384
and AES_256_GCM
These names don't quite match up with the ones available to ABL that I found in the docs here:
https://docs.progress.com/bundle/openedge-abl-develop-http-clients/page/Configure-TLS-security-settings.html and https://docs.progress.com/bundle/openedge-security-and-auditing/page/Supported-protocols-ciphers-and-certificates-for-OpenEdge-clients-and-servers.html
...so I'm not sure how to specify the required cipher.
So I added all the ones I could just to try and get it working initially, but no joy...
ASSIGN cTLSProtocols[1] = 'TLSv1.2'
cTLSCiphers[1] = 'AES128-SHA256'
cTLSCiphers[2] = 'DHE-RSA-AES128-SHA256'
cTLSCiphers[3] = 'AES128-GCM-SHA256'
cTLSCiphers[4] = 'DHE-RSA-AES128-GCM-SHA256'
cTLSCiphers[5] = 'ADH-AES128-SHA256'
cTLSCiphers[6] = 'ADH-AES128-GCM-SHA256'
cTLSCiphers[7] = 'ADH-AES256-SHA256'
cTLSCiphers[8] = 'AES256-SHA256'
cTLSCiphers[9] = 'DHE-RSA-AES256-SHA256'
cTLSCiphers[10] = 'AES128-SHA'
cTLSCiphers[11] = 'AES256-GCM-SHA384'
cTLSCiphers[12] = 'DHE-RSA-AES256-GCM-SHA384'
.
The P-384 looks like what OpenEdge refers to as a tlsGroup but I don't think I can specify it on the version I'm on.
i.e. :TlsSupportedGroups(tlsGroup) throws an error / doesn't exist as a method.
Any ideas if the ciphers are the issue, or perhaps I'm barking up the wrong tree?
NB. I've imported the required certs into DLC/certs etc.
Answer 1
Score: 1
You can enable SSL/TLS debugging (see https://community.progress.com/s/article/P121819) which can be helpful for debugging.
FWIW, the list of supported ciphers for 11.7 is at https://docs.progress.com/bundle/openedge-security-auditing-introduction-117/page/Supported-protocols-ciphers-and-certificates-for-Progress-OpenEdge-clients-and-servers.html.
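The name mismatch raised in the question, as an added example in Python (not from the original post or from Progress): it rewrites the browser's "ECDHE_RSA" / "AES_256_GCM" description as an OpenSSL-style cipher name and compares it with the posted cTLSCiphers list. The function names are hypothetical, and the browser shows only the suite it negotiated, so the server may accept others.

```python
# Added example (not from the post): browser TLS description -> OpenSSL name,
# then compare with a configured cipher list. All function names are hypothetical.
KEY_EXCHANGES = ("ECDHE-RSA", "ECDHE-ECDSA", "DHE-RSA", "DHE-DSS", "ADH", "AECDH")
ANONYMOUS = ("ADH", "AECDH")  # these suites do not authenticate the server

def parse_openssl_name(name):
    """Split an OpenSSL TLS 1.2 cipher name into (key exchange, bulk cipher, hash)."""
    kx, rest = "RSA", name  # a name with no prefix means plain RSA key exchange
    for prefix in KEY_EXCHANGES:
        if name.startswith(prefix + "-"):
            kx, rest = prefix, name[len(prefix) + 1:]
            break
    parts = rest.split("-")
    return kx, "-".join(parts[:-1]), parts[-1]

def browser_to_openssl(key_exchange, cipher):
    """Map e.g. ('ECDHE_RSA', 'AES_256_GCM') to an OpenSSL-style name.

    Only AES-GCM is handled: in TLS 1.2 its hash follows from the key size."""
    fields = cipher.split("_")
    if len(fields) != 3 or fields[0] != "AES" or fields[2] != "GCM" \
            or fields[1] not in ("128", "256"):
        raise ValueError(f"unsupported cipher description: {cipher}")
    prf = {"128": "SHA256", "256": "SHA384"}[fields[1]]
    return f"{key_exchange.replace('_', '-')}-AES{fields[1]}-GCM-{prf}"

def compare(configured, negotiated):
    """Report how a configured list relates to the suite the browser negotiated."""
    kx, bulk, mac = parse_openssl_name(negotiated)
    parsed = {name: parse_openssl_name(name) for name in configured}
    return {
        "negotiated": negotiated,
        "exact_match": negotiated in configured,
        "same_key_exchange": [n for n, p in parsed.items() if p[0] == kx],
        "same_bulk_cipher": [n for n, p in parsed.items() if p[1:] == (bulk, mac)],
        "anonymous": [n for n, p in parsed.items() if p[0] in ANONYMOUS],
    }

# The cTLSCiphers values posted in the question.
POSTED = ["AES128-SHA256", "DHE-RSA-AES128-SHA256", "AES128-GCM-SHA256",
          "DHE-RSA-AES128-GCM-SHA256", "ADH-AES128-SHA256", "ADH-AES128-GCM-SHA256",
          "ADH-AES256-SHA256", "AES256-SHA256", "DHE-RSA-AES256-SHA256",
          "AES128-SHA", "AES256-GCM-SHA384", "DHE-RSA-AES256-GCM-SHA384"]

if __name__ == "__main__":
    target = browser_to_openssl("ECDHE_RSA", "AES_256_GCM")
    for key, value in compare(POSTED, target).items():
        print(f"{key}: {value}")
```

For the posted list the result contains no ECDHE entry and flags three anonymous (ADH) suites, which perform no server certificate authentication.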