[Stackoverflow] [Progress OpenEdge ABL] OpenEdge connection to REST refused error code 10061 - certs/ciphers or something else?

[ade jones]

I'm trying to use OpenEdge 11.7.10 to connect to a service but hitting some sort of server refusal...

Secure Socket Layer (SSL) failure. error code 10061: Unknown network error (9318),Connection failure for host xxxxx.azure-api.net port 443 transport TCP. (9407)

If i view the target https security info via chrome/edge i see...

TLS 1.2
ECDHE_RSA with P-384
and AES_256_GCM

These names don't quite match up with the ones available to ABL that i found in the docs here:

Progress Documentation and Progress Documentation

...so I'm not sure how to specify the required cipher. so i added all the ones i could just to try and get it working initially, but no joy...

ASSIGN cTLSProtocols[1] = 'TLSv1.2'
   cTLSCiphers[1]  = 'AES128-SHA256'
   cTLSCiphers[2]  = 'DHE-RSA-AES128-SHA256'
   cTLSCiphers[3]  = 'AES128-GCM-SHA256'
   cTLSCiphers[4]  = 'DHE-RSA-AES128-GCM-SHA256'
   cTLSCiphers[5]  = 'ADH-AES128-SHA256'
   cTLSCiphers[6]  = 'ADH-AES128-GCM-SHA256'
   cTLSCiphers[7]  = 'ADH-AES256-SHA256'
   cTLSCiphers[8]  = 'AES256-SHA256'
   cTLSCiphers[9]  = 'DHE-RSA-AES256-SHA256'
   cTLSCiphers[10] = 'AES128-SHA'
   cTLSCiphers[11] = 'AES256-GCM-SHA384'
   cTLSCiphers[12] = 'DHE-RSA-AES256-GCM-SHA384'
   .

The P-384 looks like what OpenEdge refers to as a tlsGroup but i don't think i can specify on the version i'm on.

i.e. :TlsSupportedGroups(tlsGroup) throws an error / doesn't exist as a method.

Any ideas if the ciphers are the issue or perhaps I'm barking up the wrong tree.

NB. I've imported the required certs into DLC/certs etc.

Continue reading...