Provider moved to TLS 1.2 and appserver can't work with

Posted by OctavioOlguin on 17-Apr-2019 19:15

Greetings.

Classic AppServer 11.5, Windows.

Our provider for signing documents moved to TLS 1.2 just today (as commanded by SAT government agency, same thing as IRS), and my AppServer app started throwing 9318 errors with errno 0.

Also, the provider uses the following ciphers:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)

Reading the knowledge base, I found TLS 1.2 is available since 11.6... so I need to upgrade to 11.7. Do I need to keep anything else in mind as far as ciphers go?

Is there some guide to move from 11.x to 11.7?

(I'm currently working on setting up a v12 PASOE, but the rush is to keep the 11.x app running for some weeks more...)

Your prompt answer will be much appreciated...

Posted by Peter Judge on 17-Apr-2019 19:44

All Replies

Posted by OctavioOlguin on 17-Apr-2019 19:59

But...

For PAS 11.5, is there some manipulation possible to keep the app running until the end of working hours?

The referred documents (I thank you for that) talk about the client, so this is where the answer should be... but I can't find those keys inside ubroker.properties, so I guess I should upgrade to 11.7???

Posted by bronco on 18-Apr-2019 04:55

I had something similar with 11.6.2, which didn't support SNI (which you need if the other side serves more than 1 domain via https).

What I did is put an Apache HTTPD webserver in between. Apache forwards the HTTP requests to the SAT, and from an 11.5 point of view Apache acts as a proxy server. Added benefit is that Apache handles the certificate stuff which you normally have to do manually (certutil).
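
One way to configure the Apache intermediary described in the reply above, as an added example that is not part of the original thread. It assumes Apache 2.4 in reverse-proxy mode with mod_proxy, mod_proxy_http and mod_ssl loaded; `provider.example`, the loopback port 8080 and the CA bundle path are placeholders, and the cipher names are the OpenSSL names for the four suites listed in the first post.

```apache
# Constructed example: hostname, port and file path are placeholders.
# The AppServer calls http://127.0.0.1:8080/... instead of the provider's
# HTTPS URL; Apache originates the TLS 1.2 connection on its behalf.

# The AppServer-to-Apache hop is plain HTTP, so bind to loopback only
# and run Apache on the same host as the AppServer.
Listen 127.0.0.1:8080

<VirtualHost 127.0.0.1:8080>
    # Reverse-proxy mode only; do not run as an open forward proxy.
    ProxyRequests Off

    # Turn on TLS for the outbound (Apache -> provider) connection
    # and restrict it to TLS 1.2.
    SSLProxyEngine On
    SSLProxyProtocol TLSv1.2

    # OpenSSL names for 0xc030, 0xc02f, 0xc028 and 0xc027, in that order.
    SSLProxyCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256

    # Validate the provider's certificate chain, hostname and expiry,
    # so the proxy does not silently accept an impostor endpoint.
    SSLProxyVerify require
    SSLProxyVerifyDepth 3
    SSLProxyCACertificateFile "/path/to/provider-ca-bundle.pem"
    SSLProxyCheckPeerName On
    SSLProxyCheckPeerExpire On

    # Forward every request to the provider. The hostname given here is
    # also what mod_proxy sends as SNI and as the Host header.
    ProxyPass        "/" "https://provider.example/"
    ProxyPassReverse "/" "https://provider.example/"
</VirtualHost>
```

Because the request and response cross the loopback hop unencrypted, anything that can read local traffic or reach port 8080 on that host can see or submit signing requests; restrict access to the host accordingly.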

This thread is closed