Hi,

I have looked at the supported cipher list here:

Is it fair to say that an endpoint with the following results from an SSL Lab is not supported:

Certificate #1: RSA 2048 bits (SHA256withRSA)

Key RSA 2048 bits (e 65537)

Signature algorithm SHA256withRSA

Protocols

TLS 1.3 No

TLS 1.2 Yes

TLS 1.1 Yes

TLS 1.0 Yes

SSL 3 No

SSL 2 No

For TLS 1.3 tests, we only support RFC 8446.

Cipher Suites

# TLS 1.2 (suites in server-preferred order)

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS 128

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS 256

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 256

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 128

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 128

TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128

TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK 112

I've seen this link but as far as I can tell, whilst the question is answered, it does not provide a solution and the links to the knowledgebase don't result in a solution either.

community.progress.com/.../57841

From what I can tell, there are standard ciphers supported and then you can change them to any other value in the supported list, but all the above are not supported.

I have exported the cert into the DLC certs directory using the tools.

I get Error 9318 or if I add the non-suppported ciphers the Progress client crashes and disappears with no error.

Is someone able to verify whether it should work in the first place, the best workaround approaches and the direction of support going forwards.

Thanks