Try OpenEdge Now
skip to main content
Core Business Services - Security and Auditing
Security : Security in OpenEdge : SSL Security : Changing the cryptographic protocol, ciphers, and certificates : Supported protocols, ciphers, and certificates for Progress OpenEdge clients and servers : Example: Working with 11.4 ABL client and 11.6 AppServer
Example: Working with 11.4 ABL client and 11.6 AppServer
ABL client 11.4 and 11.6 AppServer by default use diferent protocols and ciphers. 11.4 ABL client by default uses TLSv1.0 protocol and AES128-SHA cipher. 11.6 AppServer by default uses TLSv1.2 and
Because of the diffrence in the ciphers and protocols, they are not compatible with each other. The following error is displayed in the broker log:
[15/09/28@07:24:38.319-0400] P-000380 T-C-0001 1 UB ----------- Error opening IOStreams : Server cannot negotiate down to client protocol: TLSv1. (8080)
You also encounter the following error as the hash name of ROOT CA certificate is 706a7309.0 where 11.4 client searches for 7156cd39.0 as in the OpenSSL libraries prior to 11.6.
Secure Socket Layer (SSL) failure. error code -54: unable to get local issuer certificate: for 7156cd39.0 in $DLC/certs (9318)

Connection failure for host <hostname> port 2420 transport TCP. (9407)

Application server connect failure. (5468)
You must do the following so that the client and server are compatible with each other:
*You must downgrade 11.6 AppServer to TLSv1.0 by adding the following properties in file in the AppServer configuration section:



*Update the hash name from 7156cd39.0 to 706a7309.0.
Excecute the client, it runs with 11.6 AppServer.