Information

Title	What TLS/SSL Ciphers does an ABL client support?

URL Name	What-TLS-SSL-Ciphers-does-an-ABL-client-support

Article Number	000178480

Environment	Product: OpenEdge Version: 11.6.2 OS: All supported platforms Other:

Question/Problem Description

What TLS/SSL Ciphers does an ABL client support?
What are the default ciphers for an ABL Client?

Steps to Reproduce

Clarifying Information

Error Message

Defect Number

Enhancement Number

Cause

Resolution

The 11.6.2 ABL client defaults with the following 12 SSL Ciphers:

AES128-SHA256 AES256-SHA256 DHE-RSA-AES128-SHA256 AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-SHA256
ADH-AES128-SHA256 ADH-AES256-SHA256 ADH-AES128-GCM-SHA256 AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ADH-AES256-GCM-SHA384

However, the client will support whatever Ciphers are supported by the underlying SSL implementation. In the ABL clients case, openSSL 1.0.1m.

openSSL 1.0.1m has support for 81 different ciphers:

proenv>sslc ciphers
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA SRP-DSS-AES-256-CBC-SHA SRP-RSA-AES-256-CBC-SHA
SRP-AES-256-CBC-SHA DHE-DSS-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256
DHE-DSS-AES256-SHA256 DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA DHE-RSA-CAMELLIA256-SHA
DHE-DSS-CAMELLIA256-SHA ECDH-RSA-AES256-GCM-SHA384 ECDH-ECDSA-AES256-GCM-SHA384 ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA384 ECDH-RSA-AES256-SHA ECDH-ECDSA-AES256-SHA AES256-GCM-SHA384
AES256-SHA256 AES256-SHA CAMELLIA256-SHA PSK-AES256-CBC-SHA
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA SRP-DSS-AES-128-CBC-SHA SRP-RSA-AES-128-CBC-SHA
SRP-AES-128-CBC-SHA DHE-DSS-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256
DHE-DSS-AES128-SHA256 DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA DHE-RSA-SEED-SHA
DHE-DSS-SEED-SHA DHE-RSA-CAMELLIA128-SHA DHE-DSS-CAMELLIA128-SHA ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES128-GCM-SHA256 ECDH-RSA-AES128-SHA256 ECDH-ECDSA-AES128-SHA256 ECDH-RSA-AES128-SHA
ECDH-ECDSA-AES128-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA
SEED-SHA CAMELLIA128-SHA IDEA-CBC-SHA PSK-AES128-CBC-SHA
ECDHE-RSA-RC4-SHA ECDHE-ECDSA-RC4-SHA ECDH-RSA-RC4-SHA ECDH-ECDSA-RC4-SHA
RC4-SHA RC4-MD5 PSK-RC4-SHA ECDHE-RSA-DES-CBC3-SHA
ECDHE-ECDSA-DES-CBC3-SHA SRP-DSS-3DES-EDE-CBC-SHA SRP-RSA-3DES-EDE-CBC-SHA SRP-3DES-EDE-CBC-SHA
EDH-RSA-DES-CBC3-SHA EDH-DSS-DES-CBC3-SHA ECDH-RSA-DES-CBC3-SHA ECDH-ECDSA-DES-CBC3-SHA
DES-CBC3-SHA PSK-3DES-EDE-CBC-SHA EDH-RSA-DES-CBC-SHA EDH-DSS-DES-CBC-SHA
DES-CBC-SHA

The above ciphers are the openSSL names. You can find the equivelant SSL/TLS names here:

https://www.openssl.org/docs/man1.0.1/apps/ciphers.html

Workaround

Notes

Documentation:
OpenEdge Getting Started: Core Business Services - Security and Auditing, Security : Security in OpenEdge : SSL Security

References to Other Documentation:
Progress Article(s):
ADH* series are not supported ciphers
Identifying what SSL/TLS ciphers a server supports.
How to set TLS/SSL protocols and ciphers to use in the HTTP client?
How to set Client SSL Protocols and Ciphers in OpenEdge
Identifying what SSL/TLS ciphers a server supports.
Ciphers supported by OpenEdge
ABL client default cipher suites for SSL
Client stops reading through the available ciphers list 50% of the time when an unsupported cipher is encountered in the list

Keyword Phrase

Last Modified Date	7/13/2021 6:57 PM