Core Business Services - Security and Auditing
Changing the default protocols and ciphers for Progress OpenEdge clients
You can set the protocols and the ciphers for the following client components:
*ABL Client:
*To set the protocol and cipher for all ABL client connections, export the following environment variables in the startup script of the client application:
| Property | Description |
|---|---|
| PSC_SSLCLIENT_PROTOCOLS | Accepts the cryptographic protocol that is set for the client |
| PSC_SSLCLIENT_CIPHERS | Accepts the cryptographic cipher that is set for the client |
*Once you export the variables, invoke a Progress OpenEdge client executable and start a session for the client application to use the set cryptographic protocols and ciphers.
*To set the protocol and cipher for a single client connection, you can set the following parameters in the connection-parameters argument of the client’s CONNECT() method:
| Connection parameter | Description |
|---|---|
| -sslprotocols SSL-protocol-names | Accepts the cryptographic protocol that is set for the client |
| -sslciphers SSL-protocol-ciphers | Accepts the valid cryptographic ciphers that are set for the client |
You can use ABL clients to create connections with different server components. If you do not set the -sslprotocols and -sslciphers connection parameters using the client’s CONNECT() method, the protocol and cipher values are set using the PSC_SSLCLIENT_PROTOCOLS and PSC_SSLCLIENT_CIPHERS environment variables in the ubroker.properties file (available at <OpenEdge-install-directory>/properties).
*OpenEdge WSDL Analyzer: To set the protocol and cipher for OpenEdge WSDL Analyzer, export the following environment variables in the startup script of the client application:
| Property | Description |
|---|---|
| PSC_SSLCLIENT_PROTOCOLS | Accepts a comma-separated list of cryptographic protocols |
| PSC_SSLCLIENT_CIPHERS | Accepts a comma-separated list of valid cryptographic ciphers |
*Once you export the variables, invoke the bprowsdldoc client executable to use the set cryptographic protocols and ciphers.
*Java Open Client: In the client’s Connection object, you can set the following properties using the setStringProperty method of the RunTimeProperties class:
| Property | Description |
|---|---|
| PROGRESS.Session.sslProtocols | Accepts the cryptographic protocol that is set for the client |
| PROGRESS.Session.sslCiphers | Accepts the valid cryptographic cipher that is set for the client |
*You can also set these properties as Java system properties.
*.NET Open Client: In the client’s app.config file, you can set the Progress.Open4GL.RunTimeProperties.SSLProtocols runtime property with the cryptographic protocol. The cryptographic cipher is automatically set using the .NET framework.
*AppServer Agent: In the [Environment.<appserver_broker>] section of the ubroker.properties file (available at <OpenEdge-install-directory>/properties), you can set the following environment variables:
| Property | Description |
|---|---|
| PSC_SSLCLIENT_PROTOCOLS | Accepts the cryptographic protocol that is set for the agent |
| PSC_SSLCLIENT_CIPHERS | Accepts the valid cryptographic cipher that is set for the agent |
*WebSpeed Agent: In the [Environment.<webspeed_broker>] section of the ubroker.properties file (available at <OpenEdge-install-directory>/properties), you can set the following environment variables:
| Property | Description |
|---|---|
| PSC_SSLCLIENT_PROTOCOLS | Accepts the cryptographic protocol that is set for the agent |
| PSC_SSLCLIENT_CIPHERS | Accepts the valid cryptographic cipher that is set for the agent |
*AppServer Internet Adapter: In the startup script of the client application, export the following environment variables:
| Property | Description |
|---|---|
| sslProtocols | Accepts the cryptographic protocol that is set for the AIA instance |
| sslCiphers | Accepts the valid cryptographic cipher that is set for the AIA instance |
After you export the variables, invoke a Progress OpenEdge client executable and start a session for the client application to use the set protocols and ciphers.
Note: Even if a secure connection is established, a known AIA logging error causes the "Error Setting SSL parameters from ServerConnection" message to appear in the log file. To avoid this problem, set the PSC_SSLCLIENT_PROTOCOLS and PSC_SSLCLIENT_CIPHERS properties in the Apache Tomcat catalina shell script file.
*WebSpeed Messenger: In the startup script of the client application, export the following environment variables:
| Property | Description |
|---|---|
| sslProtocols | Accepts the cryptographic protocol that is set for the WebSpeed client instance |
| sslCiphers | Accepts the valid cryptographic cipher that is set for the WebSpeed client instance |
*After you export the variables, invoke a Progress OpenEdge client executable and start a session for the client application to use the set protocols and ciphers.
*SonicESB Adapter: Using the Sonic Management Console, you can set the following runtime properties:
| Property | Description |
|---|---|
| sslprotocols | Accepts the cryptographic protocol that is set for the SonicESB adapter |
| sslciphers | Accepts the valid cryptographic cipher that is set for the SonicESB adapter |
*To set these properties, do the following:
1. On the Sonic Management Console, select the Configure tab.
2. Under Services, select OpenEdge Native Services.
3. Select the dev.OpenEdge service name.
4. Under Init Parameters, click Runtime Properties. A list of properties and their current values is displayed.
5. For the sslProtocols and sslCiphers properties, enter comma-separated values of cryptographic protocols and ciphers that you want to set for the adapter.
*Web Services Adapter: In the default.props file (available at <OpenEdge-install-directory>/webapps/wsa/wsa1), set the following properties:
| Property | Description |
|---|---|
| sslprotocols | Accepts the cryptographic protocol that is set for the WSA application |
| sslciphers | Accepts the valid cryptographic cipher that is set for the WSA application |
*To set the default protocol and cipher values for a WSA client, set the properties as Default. The following code shows how to set the properties.
<?xml version="1.0" encoding="UTF-8"?>
<ApplicationRuntimeProperties xmlns="urn:schemas-progress-com:WSAD:0011"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
...
<sslCiphers>Default</sslCiphers>
<sslProtocols>Default</sslProtocols>
...
</ApplicationRuntimeProperties>
*REST Adapter: In the runtime.props file (available at $CATALINA_HOME/webapps/application_name/WEB-INF/adapters), set the following properties:
| Property | Description |
|---|---|
| sslProtocols | Accepts the cryptographic protocol that is set for the REST application |
| sslCiphers | Accepts the valid cryptographic cipher that is set for the REST application |
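
A check for the AppServer Agent and WebSpeed Agent settings described above, as an added example that is not part of the Progress documentation: it reads the [Environment.<broker>] sections of a ubroker.properties file and reports brokers where PSC_SSLCLIENT_PROTOCOLS or PSC_SSLCLIENT_CIPHERS is unset or lists a legacy value. The broker names, the sample values, the "#" comment handling and the legacy-value lists are assumptions; replace them with your own policy and the names your release accepts.

```python
import re

# Constructed sample input; broker names and values are illustrative assumptions.
SAMPLE = """\
[Environment.asbroker1]
PSC_SSLCLIENT_PROTOCOLS=TLSv1.2
PSC_SSLCLIENT_CIPHERS=AES128-SHA256,DHE-RSA-AES128-SHA256
[Environment.wsbroker1]
PSC_SSLCLIENT_PROTOCOLS=TLSv1,TLSv1.2
PSC_SSLCLIENT_CIPHERS=RC4-MD5,AES128-SHA256
[Environment.legacybroker]
# no TLS overrides in this section
DLC=/usr/dlc
"""

# Assumed local policy, not a list taken from the OpenEdge documentation.
WEAK_PROTOCOLS = {"sslv2hello", "sslv3", "tlsv1", "tlsv1.0", "tlsv1.1"}
WEAK_CIPHER_PARTS = ("RC4", "DES", "NULL", "EXP", "MD5")
KEYS = ("PSC_SSLCLIENT_PROTOCOLS", "PSC_SSLCLIENT_CIPHERS")

def parse_environment_sections(text):
    """Return {section: {key: value}} for [Environment.*] sections only."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            name = header.group(1).strip()
            wanted = name.startswith("Environment.")
            current = sections.setdefault(name, {}) if wanted else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit(text):
    """Return (section, key, problem) tuples for unset or legacy TLS settings."""
    findings = []
    for section, env in parse_environment_sections(text).items():
        for key in KEYS:
            tokens = [t.strip() for t in env.get(key, "").split(",") if t.strip()]
            if not tokens:
                findings.append((section, key, "not set"))
            for tok in tokens:
                weak = (tok.lower() in WEAK_PROTOCOLS if key == KEYS[0]
                        else any(p in tok.upper() for p in WEAK_CIPHER_PARTS))
                if weak:
                    findings.append((section, key, f"legacy value {tok}"))
    return findings
```

Run `audit()` on the contents of <OpenEdge-install-directory>/properties/ubroker.properties after each configuration change; an empty list means every broker environment pins both variables to values the policy accepts.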