Salesforce

OpenEdge WebService client fails to connect to a secure WebService with error code 17426

Printable View
« Go Back

Information

 
TitleOpenEdge WebService client fails to connect to a secure WebService with error code 17426
URL Name000031944
Article Number000151329
EnvironmentProduct: OpenEdge
Version: 10.2x, 11.1x, 11.2x, 11.3x
OS: All supported platforms
Question/Problem Description
The OpenEdge WebService client fails to connect to a secure WebService due to error code 17426
The OpenEdge Web Service client returns error messages: 9318 9407 11767
 


 
Steps to Reproduce
Clarifying Information
When SSLSYS_DEBUG_LOGGING=5 is set,  one of the following errors is returned in the cert.client.log file:
SSL Client handshake failure (336151570) SSL routines
SSL Client handshake failure (336151568) SSL routines

sslc.exe s_client -connect <url>:443 -CApath $DLC/certs -showcerts -debug -state -msg 2>&1 | tee c:/tmp/ssldbg.log
TLS 1.0 Alert [length 0002], fatal handshake_failure (the SSL server terminating the connection handshake)
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.\ssl\s3_pkt.c:1053:SSL alert number 40
Error MessageSecure Socket Layer (SSL) failure. error code 17426: SSL routines (9318) 
Connection failure for host wmli027494 port 7443 transport HTTPS. (9407) 
Error sending Web Service Request: Fatal Error: connect operation failed (WinSock reported error=997) (11767) 
Defect NumberEnhancement
Enhancement Number
Cause
Except for the Web Services client, Progress OpenEdge does not currently implement Client side Digital Certificate support within the ABL.  This includes all OpenEdge ABL and OpenClient products.
Resolution
Upgrade to OpenEdge 11.4

For the Classic AppServer, client authentication has been implemented in the OpenEdge 11.4 ABL client for consuming SOAP Web Services. This also includes the WSDL Analyzer (bprowsdldoc) command-line utility. Other components do not provide support for client-side certificates at this time.
Refer to Article P100618, Does the OpenEdge client support SSL client authentication for consuming SOAP Web Services ?
   
For the Progress AppServer (OEPAS) all HTTPS client authentication for all available transports (ABL, REST, SOAP) are fully supported. 
Refer to Article Does Progress support client-side digital certificates with SSL?   
Workaround
One workaround is to use a utility called STunnel (http://www.stunnel.org) which will function as a Proxy Server for Web Service requests. Please note that support for STunnel is outside the scope of Progress Customer Support.
Notes
Progress Articles: 

P121819, How to enable SSL debugging in OpenEdge?   
Keyword Phrase
Last Modified Date11/20/2020 7:20 AM
Powered by