P
Peter Judge
Guest
There's a good site at www.ssllabs.com/.../analyze.html that scribes the supported protocols and ciphers for a site. From that, I can see that the site supports the following Cipher Suites # TLS 1.3 (suites in server-preferred order) TLS_AES_256_GCM_SHA384 ( 0x1302 ) ECDH x25519 (eq. 3072 bits RSA) FS 256 TLS_CHACHA20_POLY1305_SHA256 ( 0x1303 ) ECDH x25519 (eq. 3072 bits RSA) FS 256 TLS_AES_128_GCM_SHA256 ( 0x1301 ) ECDH x25519 (eq. 3072 bits RSA) FS 128 # TLS 1.2 (suites in server-preferred order) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ( 0xc030 ) ECDH x25519 (eq. 3072 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ( 0xc028 ) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256 From that, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 a nd TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 are supported for TLS1.2 (you're not using TLS1.3). The OE doc site at docs.progress.com/.../Supported-protocols-ciphers-and-certificates-for-OpenEdge-clients-and-servers.html indicates that the "CBC" cipher is not supported. I tweaked your code to only have // Supported ciphers and protocols at documentation.progress.com/.../supported-protocols,-ciphers,-and-certificates-f.html extent (cSSLProtocols) = 1 . extent (cSSLCiphers) = 1 . assign cSSLProtocols[ 1 ] = 'TLSv1.2' cSSLCiphers[ 1 ] = 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' . I found that TLS1.3 didn't work (the socket disconnected). I * also * - and this is where the 9318 message comes from - had to import the site's 3 certificates into the OE cert stort, using certutil -import .crt wl-test_mf_gov_pl.crt DigiCertGlobalRootG2.crt GeoTrustTLSRSACAG1.crt I got those certificates from my web browser. Once I did all of that, I saw the message below (which I hope you're expecting). --------------------------- Message (Press HELP to view stack trace) --------------------------- { "code": "WL-190", "message": "Niepoprawne żądanie." } --------------------------- OK Help ---------------------------
Continue reading...
Continue reading...