Core Business Services - Security and Auditing
Example: Working with 11.4 ABL client and 11.6 AppServer
By default, the 11.4 ABL client and the 11.6 AppServer use different protocols and ciphers. The 11.4 ABL client uses the TLSv1.0 protocol and the AES128-SHA cipher. The 11.6 AppServer uses TLSv1.2 and the following ciphers:
[AES128-SHA256:AES256-SHA256:DHE-RSA-AES128-SHA256:
AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:
ADH-AES128-SHA256:ADH-AES128-GCM-SHA256:ADH-AES256-SHA256]
Because of the difference in ciphers and protocols, the client and the server are not compatible with each other. The following error is displayed in the broker log:
[15/09/28@07:24:38.319-0400] P-000380 T-C-0001 1 UB ----------- Error opening IOStreams : Server cannot negotiate down to client protocol: TLSv1. (8080)
You also encounter the following error because the hash name of the root CA certificate is 706a7309.0, whereas the 11.4 client searches for 7156cd39.0, which is the name the OpenSSL libraries prior to 11.6 look for.
Secure Socket Layer (SSL) failure. error code -54: unable to get local issuer certificate: for 7156cd39.0 in $DLC/certs (9318)

Connection failure for host <hostname> port 2420 transport TCP. (9407)

Application server connect failure. (5468)
Do the following to make the client and server compatible with each other:
* Downgrade the 11.6 AppServer to TLSv1.0 by adding the following properties to the ubroker.properties file, in the AppServer configuration section:
[Environment.asbroker1]

TESTENV=MYENV

PSC_SSLSERVER_PROTOCOLS=TLSv1

PSC_SSLSERVER_CIPHERS=AES128-SHA
* Update the hash name from 7156cd39.0 to 706a7309.0.
Execute the client; it now runs with the 11.6 AppServer.
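The following check is an added example, not part of the Progress documentation. It reads an `[Environment.<broker>]` section, works out the protocols and ciphers the broker will offer (using the 11.6 defaults listed above when no override is set), and reports whether an 11.4 client can negotiate with it. It also flags sections that no longer offer the 11.6 default protocol, so the override can be tracked. All function and variable names are hypothetical, and the comma separator for multiple protocols is an assumption.

```python
import configparser

# Defaults as stated on this page for each release.
SERVER_116 = {
    "protocols": ["TLSv1.2"],
    "ciphers": ("AES128-SHA256:AES256-SHA256:DHE-RSA-AES128-SHA256:"
                "AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:"
                "ADH-AES128-SHA256:ADH-AES128-GCM-SHA256:ADH-AES256-SHA256").split(":"),
}
CLIENT_114 = {"protocols": ["TLSv1.0"], "ciphers": ["AES128-SHA"]}

# Constructed sample: the override section shown on this page.
SAMPLE_PROPERTIES = """\
[Environment.asbroker1]
TESTENV=MYENV
PSC_SSLSERVER_PROTOCOLS=TLSv1
PSC_SSLSERVER_CIPHERS=AES128-SHA
"""

def norm_protocol(name):
    # Assumption: the property value "TLSv1" and the prose name "TLSv1.0" are the same protocol.
    return "TLSv1.0" if name.strip() == "TLSv1" else name.strip()

def server_settings(properties_text, section):
    """Effective protocols/ciphers for one section, falling back to the 11.6 defaults."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep property names case-sensitive
    cp.read_string(properties_text)
    env = cp[section] if cp.has_section(section) else {}
    protocols = env.get("PSC_SSLSERVER_PROTOCOLS")
    ciphers = env.get("PSC_SSLSERVER_CIPHERS")
    return {
        # Assumption: multiple protocols are comma-separated; ciphers are colon-separated as on this page.
        "protocols": [norm_protocol(p) for p in protocols.split(",")] if protocols else SERVER_116["protocols"],
        "ciphers": [c.strip() for c in ciphers.split(":")] if ciphers else SERVER_116["ciphers"],
    }

def handshake_problems(server, client):
    """Return which of 'protocol' / 'cipher' have nothing in common; empty means compatible."""
    client_protocols = {norm_protocol(p) for p in client["protocols"]}
    return [kind for kind, ours, theirs in (
        ("protocol", client_protocols, server["protocols"]),
        ("cipher", client["ciphers"], server["ciphers"]),
    ) if not set(ours) & set(theirs)]

def pinned_below_default(server):
    """True when the section no longer offers the 11.6 default protocol (an override to track)."""
    return not set(SERVER_116["protocols"]) & set(server["protocols"])
```

With no override, `handshake_problems` returns both `protocol` and `cipher`, which matches the broker log error above. With the override applied it returns an empty list, and `pinned_below_default` returns `True` for that section.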