Feedback
 
Did this article resolve your question/issue?

   

Your feedback is appreciated.

Please tell us how we can make this article more useful. Please provide us a way to contact you, should we need clarification on the feedback provided or if you need further assistance.

Characters Remaining: 1025

 


Article

WebClient fails to connect with error (9318) using default ciphers.

Information

 
Article Number000099531
EnvironmentProduct: OpenEdge
Version: 11.x, 12.x
OS: All supported platforms
Other: WebClient
Question/Problem Description

WebClient fails to connect with error (9318).

Steps to Reproduce
Clarifying Information

WebClient uses the default ciphers list to make the SSL connection.

WebClient connects to the AppServer via AIA.
 

 

 

 

Error MessageSecure Socket Layer (SSL) failure. error code 336151568: SSL routines (9318)
Defect/Enhancement Number
Cause
OpenEdge AIA is using a ciphers that are not included in the default cipher list.

Default cipher list does not include all supported ciphers.
Resolution
Use any of the following methods to include the ciphers that are needed:

1) Add -sslciphers to the URL in the CONNECT() method. For example,

-URL https://aia.webclientHost.com:8443/aia/AiaName1?AppService=MyApplicationService -sslprotocols TLSv1 -sslciphers ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384

2) Set the PSC_SSLCLIENT_CIPHERS environment variable on the client machine to include the ciphers uing the format:

PSC_SSLCLIENT_CIPHERS=<Cipher1>:<Cipher2>...

Example:

Set PSC_SSLCLIENT_CIPHERS=ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384

3) Alternatively the cipher values can be set using the PSC_SSLCLIENT_CIPHERS environment variables in the ubroker.properties, if -sslciphers is not set on the client.
Workaround
Notes
Attachment 
Last Modified Date11/11/2019 9:04 PM