Question
· Sep 12, 2017

How to not use SSLv3 (force a TLS variant) - httpRequest to AWS API Gateway

Hi guys

I'm trying to use an API running in AWS API Gateway.
This API is over HTTPS and I am using the SSL/TLS config of Caché.

set httpRequest = ##class(%Net.HttpRequest).%New()
set httpRequest.Server = server
set httpRequest.Https=1
set httpRequest.SSLConfiguration = "SSLPadraoAdapcon"

do httpRequest.SetHeader("Content-Type","application/json")
do httpRequest.EntityBody.Write(json)
do httpRequest.Post("/dev/router")

But I'm getting this error:

|   SSLConfiguration = "SSLPadraoAdapcon"
|           SSLError = "SSL/TLS error in SSL_connect(), SSL_ERROR_SSL: protocolerror, error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshakefailure"
|            Timeout = 30

 

After some research, I found this in the AWS Forum: SSLv3 is not supported by API Gateway (SSLv3 is no longer considered secure). Can you double-check that your client is configured to use one of the TLS variants instead...

How do I force the httpRequest object to use TLS and not SSLv3? Any idea?

Best regards.

Ricardo Baehr
Adapcon Sistemas

P.S.: Caché 2010 in production and Caché 2015 in development.


Hello

I would like to share the solution I adopted.

I was able to access my API (over AWS API Gateway) by placing an AWS CloudFront instance in front of it.

The SSL used by the API Gateway needs TLS with SNI (which does not exist in Caché)...
But the SSL used by CloudFront does not require SNI.

So I was able to keep using httpRequest.

Thanks.
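
A way to check the two points raised in this thread (offered protocol version and SNI) from the client side, as an added example that is not part of the original posts: it captures the ClientHello that Python's own TLS stack would send, without any network traffic, and parses it for the version fields and the server_name extension. The same `inspect_hello` parser can be run on a ClientHello record captured from another client; the function names and the hostname are assumptions of this example.

```python
import ssl
import struct

def client_hello(server_hostname=None):
    """Return the raw ClientHello record Python's TLS stack would send (no network I/O)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # nothing is verified here: there is no peer
    ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                            # expected: the hello is now queued in `outgoing`
    return outgoing.read()

def inspect_hello(record):
    """Parse one TLS record holding a ClientHello; report versions and SNI."""
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22 or record[5] != 1:
        raise ValueError("not a ClientHello handshake record")
    body = record[9:5 + rec_len]        # skip handshake type (1) + length (3)
    legacy_ver = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                        # client_version + random
    pos += 1 + body[pos]                # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + body[pos]                # compression_methods
    info = {"record_version": rec_ver, "hello_version": legacy_ver, "sni": None}
    if pos >= len(body):
        return info                     # no extensions at all, so no SNI either
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + ext_len]
        if ext_type == 0:               # server_name extension (RFC 6066)
            name_len = struct.unpack("!H", data[3:5])[0]
            info["sni"] = data[5:5 + name_len].decode("ascii")
        pos += 4 + ext_len
    return info

if __name__ == "__main__":
    for host in (None, "api.example.com"):   # constructed hostname
        print(host, inspect_hello(client_hello(host)))
```

A `hello_version` of 0x0300 means the client offers nothing newer than SSLv3, and `sni` of `None` means the server cannot tell which hostname the client wants.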