I have looked at the supported cipher list here:
Is it fair to say that an endpoint with the following results from an SSL Lab is not supported:
Certificate #1: RSA 2048 bits (SHA256withRSA)Key RSA 2048 bits (e 65537)Signature algorithm SHA256withRSA
ProtocolsTLS 1.3 NoTLS 1.2 YesTLS 1.1 YesTLS 1.0 YesSSL 3 NoSSL 2 NoFor TLS 1.3 tests, we only support RFC 8446.
Cipher Suites# TLS 1.2 (suites in server-preferred order)TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS 128TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS 256TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 256TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 256TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 128TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 128TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK 112
I've seen this link but as far as I can tell, whilst the question is answered, it does not provide a solution and the links to the knowledgebase don't result in a solution either.community.progress.com/.../57841
From what I can tell, there are standard ciphers supported and then you can change them to any other value in the supported list, but all the above are not supported.
I have exported the cert into the DLC certs directory using the tools.
I get Error 9318 or if I add the non-suppported ciphers the Progress client crashes and disappears with no error.
Is someone able to verify whether it should work in the first place, the best workaround approaches and the direction of support going forwards.
This what I used to negotiate an transparant proxy, which implies that the handshake is done by Apache (iirc).
Thanks bronco - I'll give it a go.