OEAUTH and stsclientutil can only use one protocol

Information

 
Title: OEAUTH and stsclientutil can only use one protocol
URL Name: oeauth-stsclientutil-can-only-use-one-protocol
Article Number: 000112414
Environment:
Product: OpenEdge
Version: 11.6.x, 11.7.x
OS: All supported platforms
Question/Problem Description
When more than one protocol is defined, OEAUTH and stsclientutil fail if the default protocol cannot be used.
OEAUTH can only use one protocol.
stsclientutil can only use one protocol.
Steps to Reproduce
export SSL_DEBUG_LOGGGING=D
export PSC_SSLCLIENT_PROTOCOLS=TLSv1.2,TLSv1
_progres -b -p tsslsocket.p -param "-H <host> -S <port>" 2>&1 | tee /dev/null

View the log file in the local directory.
Clarifying Information
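ABL socket connect test: tsslsocket.p

/* tsslsocket.p: open an SSL socket to the host and port given in -param. */
DEF VAR hSock    AS HANDLE NO-UNDO.
/* -nohostverify turns off host name verification; use it for this test only. */
DEF VAR csslopts AS CHAR INITIAL " -ssl -nohostverify" NO-UNDO.
DEF VAR cconopts AS CHAR INITIAL "-H localhost -S 4433" NO-UNDO.

/* Connection options passed with -param override the default host and port. */
IF (SESSION:PARAMETER <> "") THEN
    cconopts = SESSION:PARAMETER.
MESSAGE "connecting to: " + cconopts + csslopts.
CREATE SOCKET hSock.

/* The SSL handshake happens here; the protocol comes from PSC_SSLCLIENT_PROTOCOLS. */
hSock:CONNECT(cconopts + csslopts).
MESSAGE "Connected to " + hSock:SSL-SERVER-NAME.
hSock:DISCONNECT().

DELETE OBJECT hSock.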

 
Error Message
Error 6, 35 from STS user exchange authentication: SSL connect error.

$ENV{'PSC_SSLCLIENT_PROTOCOLS'} = 'TLSv1.2,TLSv1';
Debug: Auth Gateway - unknown SSL version specified (TLSv1.2,TLSv1) ... using default TLSv1.2
Defect Number
Enhancement Number
Cause
This is expected behavior:
OEAUTH and stsclientutil can only use one protocol. If multiple protocols are specified, the default, TLSv1.2, is used.
The OE database's connection to the STS can specify the PSC_SSLCLIENT_PROTOCOLS environment variable, but that environment variable can only be set to one protocol. This is a known limitation.

 
Resolution
Before starting the database, set PSC_SSLCLIENT_PROTOCOLS to a single protocol:

Windows:
set PSC_SSLCLIENT_PROTOCOLS=TLSv1.2
UNIX:
PSC_SSLCLIENT_PROTOCOLS=TLSv1.2; export PSC_SSLCLIENT_PROTOCOLS
$   proserve dbname ....

When using stsclientutil, set PSC_SSLCLIENT_PROTOCOLS:
Windows:
set PSC_SSLCLIENT_PROTOCOLS=TLSv1.2
UNIX:
PSC_SSLCLIENT_PROTOCOLS=TLSv1.2; export PSC_SSLCLIENT_PROTOCOLS
$   stsclientutil -cmd ping -url https://<host>:<port> -logginglevel 5
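
A pre-flight check for the limitation described above, as an added example that is not part of the original article or of the OpenEdge tooling: it rejects a PSC_SSLCLIENT_PROTOCOLS value that is a list, and it extracts the rejected value from the debug line shown under Error Message. The function names check_single_protocol and find_protocol_fallback are hypothetical.

```shell
#!/bin/sh
# Added example, not Progress code. Helper names are hypothetical.

# Return 0 if the value names exactly one protocol, 1 if it is empty,
# 2 if it is a list (comma or space separated), which OEAUTH and
# stsclientutil replace with the default protocol.
check_single_protocol() {
    value=$1
    [ -n "$value" ] || return 1
    case $value in
        *,*|*\ *) return 2 ;;
    esac
    return 0
}

# Read debug output on stdin and print the rejected protocol string from
# each fallback line. Returns 1 when no fallback line is present.
find_protocol_fallback() {
    sed -n 's/.*unknown SSL version specified (\([^)]*\)).*using default.*/\1/p' |
        grep .
}

# Constructed sample input: the debug line quoted in this article.
sample_log='Debug: Auth Gateway - unknown SSL version specified (TLSv1.2,TLSv1) ... using default TLSv1.2'

# Demonstration with the two values used in this article.
for v in 'TLSv1.2,TLSv1' 'TLSv1.2'; do
    if check_single_protocol "$v"; then
        echo "ok: PSC_SSLCLIENT_PROTOCOLS=$v"
    else
        echo "rejected: PSC_SSLCLIENT_PROTOCOLS=$v is not a single protocol"
    fi
done

# Report any fallback recorded in the debug output.
if rejected=$(printf '%s\n' "$sample_log" | find_protocol_fallback); then
    echo "fallback to default protocol; configured value was: $rejected"
fi
```

Call check_single_protocol "$PSC_SSLCLIENT_PROTOCOLS" in the script that starts the database or runs stsclientutil, and stop on a non-zero status.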


 
Workaround
Notes
References to Other Documentation:

Progress Article(s):
How to set Client SSL Protocols and Ciphers in OpenEdge   
Keyword Phrase
Last Modified Date: 11/20/2020 6:51 AM
