Hi,
I have a problem running the HTTP request for a site with an unknown cipher set. Error 9318 appears (file Test_HTTP.p).
However, when I run the request from a WebClient (TestWebClient.p), everything goes fine. Do you have any idea why that is?
Best regards,
Marek
//------------------------------------------------------------------------
// File : Test_HTTP.p
/* *************************** Definitions ************************** */
USING OpenEdge.Net.HTTP.IHttpRequest.
USING OpenEdge.Net.HTTP.IHttpResponse.
USING OpenEdge.Net.HTTP.ClientBuilder.
USING OpenEdge.Net.HTTP.RequestBuilder.
USING OpenEdge.Net.HTTP.IHttpClientLibrary.
USING OpenEdge.Net.HTTP.Lib.ClientLibraryBuilder.
USING System.IO.* .
USING System.Text.* .
USING progress.Json.*.
USING progress.Json.ObjectModel.* .
/* *************************** Definitions ************************** */
/* ******************** Preprocessor Definitions ******************** */
DO ON ERROR UNDO, THROW:
DEFINE VARIABLE question AS CHARACTER NO-UNDO.
/* ******************** Preprocessor Definitions ******************** */
/* *************************** Main Block *************************** */
DEFINE VARIABLE oLib AS IHttpClientLibrary NO-UNDO.
DEFINE VARIABLE cSSLProtocols AS CHARACTER EXTENT NO-UNDO.
DEFINE VARIABLE cSSLCiphers AS CHARACTER EXTENT NO-UNDO.
DEFINE VARIABLE oJsonEntity AS JsonObject NO-UNDO.
DEFINE VARIABLE JsonString AS LONGCHAR NO-UNDO.
// the size and values of the SSL protocols and ciphers depend on the server
EXTENT(cSSLProtocols) = 2.
EXTENT(cSSLCiphers) = 10.
// Supported ciphers and protocols at documentation.progress.com/.../supported-protocols,-ciphers,-and-certificates-f.html
ASSIGN cSSLProtocols[1] = 'TLSv1.2'
cSSLProtocols[2] = 'TLSv1.1'
cSSLCiphers[1] = 'AES128-SHA256'
cSSLCiphers[2] = 'DHE-RSA-AES128-SHA256'
cSSLCiphers[3] = 'AES128-GCM-SHA256'
cSSLCiphers[4] = 'DHE-RSA-AES128-GCM-SHA256'
cSSLCiphers[5] = 'ADH-AES128-SHA256'
cSSLCiphers[6] = 'ADH-AES128-GCM-SHA256'
cSSLCiphers[7] = 'ADH-AES256-SHA256'
cSSLCiphers[8] = 'AES256-SHA256'
cSSLCiphers[9] = 'DHE-RSA-AES256-SHA256'
cSSLCiphers[10] = 'AES128-SHA'
oLib = ClientLibraryBuilder
:Build()
:SetSslProtocols(cSSLProtocols)
:SetSslCiphers(cSSLCiphers)
:sslVerifyHost(NO)
:Library.
question = "wl-api.mf.gov.pl/.../ .
DEFINE VARIABLE oRequest AS IHttpRequest NO-UNDO.
DEFINE VARIABLE oResponse AS IHttpResponse NO-UNDO.
oRequest = RequestBuilder:Get(question):Request.
oResponse = ClientBuilder:Build():UsingLibrary(oLib):Client:Execute(oRequest).
oJsonEntity = CAST(oResponse:Entity, JsonObject).
oJsonEntity:Write(JsonString, TRUE).
MESSAGE STRING(JsonString)
VIEW-AS ALERT-BOX.
END .
CATCH eAnyError AS Progress.Lang.Error:
MESSAGE
"Error Number:" eAnyError:GetMessageNum(1) SKIP
"Error Text:" eAnyError:GetMessage(1)
VIEW-AS ALERT-BOX BUTTONS OK TITLE "Error processing in the CATCH for mainprocedure block".
RETURN 'OK' .
END CATCH.
-----------------------------------------------------------------------------------------------------------------------------------------------------------
//------------------------------------------------------------------------
// File : TestWebClient.p
/* *************************** Definitions ************************** */
/* ******************** Preprocessor Definitions ******************** */
/* *************************** Main Block *************************** */
DEFINE VARIABLE xClient AS System.Net.WebClient .
DEFINE VARIABLE xWyn AS LONGCHAR NO-UNDO.
DEFINE VARIABLE question AS CHARACTER NO-UNDO.
question = "wl-api.mf.gov.pl/.../ .
DO ON ERROR UNDO, THROW:
System.Net.ServicePointManager:SecurityProtocol = System.Net.SecurityProtocolType:Tls12 .
xClient = NEW System.Net.WebClient () .
xWyn = xClient:DownloadString ( question ) .
MESSAGE STRING(xWyn)
VIEW-AS ALERT-BOX.
END .
CATCH eAnyError AS Progress.Lang.Error:
MESSAGE
"Error Number:" eAnyError:GetMessageNum(1) SKIP
"Error Text:" eAnyError:GetMessage(1)
VIEW-AS ALERT-BOX BUTTONS OK TITLE "Error processing in the CATCH for mainprocedure block".
RETURN 'OK' .
END CATCH.
Cipher Suites

TLS 1.3 (suites in server-preferred order)

| Cipher suite | Bits |
|---|---|
| TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (eq. 3072 bits RSA) FS | 256 |
| TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 3072 bits RSA) FS | 256 |
| TLS_AES_128_GCM_SHA256 (0x1301) ECDH x25519 (eq. 3072 bits RSA) FS | 128 |

TLS 1.2 (suites in server-preferred order)

| Cipher suite | Bits |
|---|---|
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS | 256 |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 256 |
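Added example (not part of the original thread): a Python check that translates the OpenSSL-style cipher names set in Test_HTTP.p into IANA names and intersects them with the server's TLS 1.2 suites listed above; the TLS 1.3 suites are left out because the client only enables TLSv1.2 and TLSv1.1. The function names and the name-translation regex are this example's own, and the extra ECDHE cipher tried at the end is an assumption that must be checked against the supported-ciphers documentation for your OpenEdge release.

```python
import re

# Client list copied from Test_HTTP.p; server TLS 1.2 suites copied from the listing above.
CLIENT_OPENSSL = [
    "AES128-SHA256", "DHE-RSA-AES128-SHA256", "AES128-GCM-SHA256",
    "DHE-RSA-AES128-GCM-SHA256", "ADH-AES128-SHA256", "ADH-AES128-GCM-SHA256",
    "ADH-AES256-SHA256", "AES256-SHA256", "DHE-RSA-AES256-SHA256", "AES128-SHA",
]
SERVER_TLS12_IANA = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
]

# OpenSSL key-exchange/auth prefix -> IANA token (covers TLS 1.2 AES suites only).
KX = {"ECDHE-RSA": "ECDHE_RSA", "ECDHE-ECDSA": "ECDHE_ECDSA", "DHE-RSA": "DHE_RSA",
      "DHE-DSS": "DHE_DSS", "ADH": "DH_anon", "AECDH": "ECDH_anon", "": "RSA"}
NAME = re.compile(r"^(?:(ECDHE-RSA|ECDHE-ECDSA|DHE-RSA|DHE-DSS|ADH|AECDH)-)?"
                  r"AES(128|256)(-GCM)?-(SHA(?:256|384)?)$")

def openssl_to_iana(name):
    """Translate an OpenSSL AES suite name to its IANA name."""
    m = NAME.match(name)
    if not m:
        raise ValueError(f"unsupported cipher name: {name}")
    kx, bits, gcm, mac = m.groups()
    mode = "GCM" if gcm else "CBC"   # OpenSSL omits the mode for CBC suites
    return f"TLS_{KX[kx or '']}_WITH_AES_{bits}_{mode}_{mac}"

def negotiate(client_openssl, server_iana):
    """Return (shared suites in server order, anonymous client suites)."""
    offered = {openssl_to_iana(c) for c in client_openssl}
    shared = [s for s in server_iana if s in offered]
    anonymous = [c for c in client_openssl if "_anon_" in openssl_to_iana(c)]
    return shared, anonymous

if __name__ == "__main__":
    shared, anonymous = negotiate(CLIENT_OPENSSL, SERVER_TLS12_IANA)
    print("shared TLS 1.2 suites:", shared or "none, handshake cannot complete")
    print("anonymous suites (no server authentication):", anonymous)
    # Assumption: this ECDHE cipher name is accepted by the OpenEdge release in use.
    fixed = CLIENT_OPENSSL + ["ECDHE-RSA-AES256-GCM-SHA384"]
    print("shared after adding ECDHE:", negotiate(fixed, SERVER_TLS12_IANA)[0])
```

With the posted list the intersection is empty, and the three ADH-* entries are anonymous suites that authenticate no server certificate.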
Thanks, Peter,
I was testing the program in OE 12.1. Below there is a line from test.log:
Connect: -H wl-api.mf.gov.pl -S 443 -ssl -nohostverify -sslprotocols TLSv1.2,TLSv1.1 -sslciphers AES128-SHA256,DHE-RSA-AES128-SHA256,AES128-GCM-SHA256,DHE-RSA-AES128-GCM-SHA256,ADH-AES128-SHA256,ADH-AES128-GCM-SHA256,ADH-AES256-SHA256,AES256-SHA256,DHE-RSA-AES256-SHA256,AES128-SHA
Marek
You can also set the environment variable "SSLSYS_DEBUG_LOGGING=5", which will generate SSL layer logs for an ABL client. You can find the log "cert.client.log" in your work dir, and it can help you to investigate any potential SSL handshake issues that are creating problems.
Many thanks, Peter for your extraordinary help!
Marek