How to set TLS/SSL protocols and ciphers to use in the HTTP client?

How to set TLS/SSL protocols and ciphers to use in the HTTP client?

How to specify T:LS/SSL protocols and ciphers for the ABL HTTP Client?

How to configure HTTP Client to use TLS/SSL protocols or ciphers that are not in the default supported list?

Use the SetSslCiphers​() and SetSslProtocols() methods to specify SSL ciphers or protocols for the HTTP client to use.

Below is example code demonstrating setting the SSL ciphers and protocols for the HttpClient to use in a request.
 

/*------------------------------------------------------------------------
    File        : set_ssl_ciphers_and_protocol.p
    Description : 
    Notes       :
  ----------------------------------------------------------------------*/
BLOCK-LEVEL ON ERROR UNDO, THROW.

USING OpenEdge.Net.HTTP.IHttpRequest.
USING OpenEdge.Net.HTTP.RequestBuilder.
USING OpenEdge.Net.HTTP.IHttpClient.
USING OpenEdge.Net.HTTP.IHttpClientLibrary.
USING OpenEdge.Net.HTTP.ClientBuilder.
USING OpenEdge.Net.HTTP.Lib.ClientLibraryBuilder.
USING OpenEdge.Net.HTTP.IHttpResponse.

/* ***************************  Main Block  *************************** */
DEFINE VARIABLE oLib          AS IHttpClientLibrary NO-UNDO.
DEFINE VARIABLE oClient       AS IHttpClient        NO-UNDO.
DEFINE VARIABLE oRequest      AS IHttpRequest         NO-UNDO.
DEFINE VARIABLE oResponse     AS IHttpResponse      NO-UNDO.
DEFINE VARIABLE cSSLProtocols AS CHARACTER EXTENT   NO-UNDO.
DEFINE VARIABLE cSSLCiphers   AS CHARACTER EXTENT   NO-UNDO.

// the size and values of the SSL protocols and ciphers depend on the server
EXTENT(cSSLProtocols) = 2.
EXTENT(cSSLCiphers) = 10.

// TLSv1.1 and TLSv1.2 are supported with OpenEdge 11.6 and later.  See article What version of SSL and/or TLS does Progress OpenEdge use ? 
// Supported ciphers and protocols at https://docs.progress.com/bundle/openedge-security-and-auditing/page/Supported-protocols-ciphers-and-certificates-for-OpenEdge-clients-and-servers.html 
ASSIGN cSSLProtocols[1] = 'TLSv1.2'  
       cSSLProtocols[2] = 'TLSv1.1'
       cSSLCiphers[1]  = 'AES128-SHA256'
       cSSLCiphers[2]  = 'DHE-RSA-AES128-SHA256'
       cSSLCiphers[3]  = 'AES128-GCM-SHA256' 
       cSSLCiphers[4]  = 'DHE-RSA-AES128-GCM-SHA256'
       cSSLCiphers[5]  = 'ADH-AES128-SHA256'
       cSSLCiphers[6]  = 'ADH-AES128-GCM-SHA256'
       cSSLCiphers[7]  = 'ADH-AES256-SHA256'
       cSSLCiphers[8]  = 'AES256-SHA256' 
       cSSLCiphers[9]  = 'DHE-RSA-AES256-SHA256'
       cSSLCiphers[10] = 'AES128-SHA'
       .

oLib = ClientLibraryBuilder:Build()
                    :SetSSLProtocols(cSSLProtocols)
                    :SetSSLCiphers(cSSLCiphers)
                    :Library.
                    
oClient = ClientBuilder:Build()
                :UsingLibrary(oLib)
                :Client.

// Build and call the request. See article Getting started with HTTP client for OpenEdge  for examples.
oRequest = RequestBuilder
           :GET("https://httpbin.org/get")
           :Request.

oResponse = ClientBuilder:Build()
                         :UsingLibrary(oLib)
                         :Client
                         :Execute(oRequest).

 

Progress Articles:

Is there an HTTP client for OpenEdge?
Error 1403 when defining ciphers in ClientLibraryBuilder
OpenEdge.Net.pl is missing from PROPATH
What version of SSL and/or TLS does Progress OpenEdge use ?
ADH* series are not supported ciphers
Identifying what SSL/TLS ciphers a server supports.
How to set TLS/SSL protocols and ciphers to use in the HTTP client?
How to set Client SSL Protocols and Ciphers in OpenEdge
Identifying what SSL/TLS ciphers a server supports.
Ciphers supported by OpenEdge
ABL client default cipher suites for SSL
Client stops reading through the available ciphers list 50% of the time when an unsupported cipher is encountered in the list