Starting with OE 12.2, the client supports all ciphers supported by OpenSSL:
ABL client default cipher suites for SSL
For other versions, follow the instructions outlined below.
Set the Protocol and Ciphers that both OpenEdge and the Server or Service support.
1) Determine which SSL Protocols and Ciphers are in use:
To get general security information about a site, use SSLLabs' SSL Server Test:
https://www.ssllabs.com/ssltest/
An example is provided in Article:
Identifying what SSL/TLS ciphers a server supports.
To get the current session protocol and ciphers information, use one of the following methods:
Option #1: Enable SSL debugging
- Enable SSL debugging [ SSLSYS_DEBUG_LOGGING ] using the steps outlined in Article: How to enable SSL debugging in OpenEdge?.
- Execute the code in question and examine the cert.client.log and cert.server.log
Option #2: Test the connection with s_client -connect
- proenv> sslc s_client -connect <domain name>:<port> -showcerts -CApath %DLC%\certs -msg
- Analyse the sslc output
Entries for the Protocol and Cipher are written under SSL-Session in either the cert.client.log, cert.server.log, or the sslc output. Example:
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
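The following is an added example, not Progress code: it reads sslc s_client output or a cert.client.log, takes the Protocol and Cipher from the SSL-Session block, and prints them as the UNIX PSC_SSLCLIENT_PROTOCOLS and PSC_SSLCLIENT_CIPHERS settings used in step 2, Option #2. The function names and the sample transcript are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Progress code): read sslc s_client output or a
# cert.client.log on stdin and print "<protocol> <cipher>" from SSL-Session.
# If the input holds several sessions, the last one wins.
session_params() {
    awk '
        function value(line) {
            sub(/^[^:]*:[ \t]*/, "", line); sub(/[ \t\r]+$/, "", line)
            return line
        }
        /^[ \t]*SSL-Session:/ { in_session = 1; next }
        /^---/                { in_session = 0 }
        in_session && /^[ \t]*Protocol[ \t]*:/ { proto = value($0) }
        in_session && /^[ \t]*Cipher[ \t]*:/   { cipher = value($0) }
        END { if (proto == "" || cipher == "") exit 1; print proto, cipher }
    '
}

# Print the client-side settings from the article for the negotiated pair.
client_env() {
    params=$(session_params) || { echo "no SSL-Session block found" >&2; return 1; }
    proto=${params%% *}
    cipher=${params#* }
    case $proto in
        SSLv3|TLSv1|TLSv1.1)
            echo "warning: $proto is deprecated; prefer TLSv1.2 or later" >&2 ;;
    esac
    printf 'export PSC_SSLCLIENT_PROTOCOLS=%s\n' "$proto"
    printf 'export PSC_SSLCLIENT_CIPHERS=%s\n' "$cipher"
}

# Constructed sample in the shape of s_client output; values are illustrative.
sample_output() {
    cat <<'EOF'
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 0 (ok)
---
EOF
}

sample_output | client_env
```

In practice, pipe the real sslc output or the log file into client_env in place of sample_output.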
2) Configure the session to use the required SSL protocol and/or cipher.
ABL clients:
Option #1 - Use -sslprotocols, -sslciphers in the CONNECT() method:
-URL https://aia.webclientHost.com:8443/aia/AiaName1?AppService=MyApplicationService -sslprotocols TLSv1.2 -sslciphers AES128-SHA
-WSDL myWsdl.wsdl -sslprotocols TLSv1.2 -sslciphers ECDHE-RSA-AES256-GCM-SHA384
Option #2 - Set the Environment variables on the client machine:
- PSC_SSLCLIENT_PROTOCOLS
- PSC_SSLCLIENT_CIPHERS
Windows:
set PSC_SSLCLIENT_PROTOCOLS=TLSv1.2
set PSC_SSLCLIENT_CIPHERS=DHE-RSA-AES256-SHA
UNIX:
export PSC_SSLCLIENT_PROTOCOLS=TLSv1.3
export PSC_SSLCLIENT_CIPHERS=DHE-RSA-AES256-SHA
HTTP client: Use the OpenEdge.Net.HTTP.Lib.ClientLibraryBuilder SetSslProtocols() and SetSslCiphers() methods outlined in Article:
How to set SSL Protocols and Ciphers to use in the HTTP client?
PAS OE instance: Configure {CATALINA_BASE}\conf\catalina.properties as outlined in Article:
How to configure the TLS versions which are supported by a PASOE instance
- psc.as.https.protocol
- psc.as.https.ciphers
Unified Brokers: Configure Environment Variables and ssl algorithms for negotiation in <DLC>\properties\ubroker.properties, outlined in Article:
How to specify UBroker cipher suite and ssl protocols
- PSC_SSLSERVER_CIPHERS
- PSC_SSLSERVER_PROTOCOLS
- sslAlgorithms
ODBC, JDBC Client: Configure Environment Variables and properties, outlined in Article:
OpenEdge SQL SSL communication – release 11.6.1
- PSC_SQL_SSLSERVER_CIPHERS
- PSC_SSLSERVER_CIPHERS
- EnableCipherSuites
- CryptoProtocolVersion
When communicating with an SNI enabled site, prevent error code 17424 from failing the negotiation, outlined in Article:
SSL routines error with HTTP Client and SNI-enabled site