IOB-090020 Error in SSL library: 'IOB-090013 error: 14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (code 336032784)
Can we force HttpClientRequest to use TLS 1.2 in code? Or does this require a ServerConf.xml file change?
We're on v6 build 8931, and that build uses the latest 1.x OpenSSL libraries (so we're told).
You need to upgrade your build to 8896 or high¨re to use TLS 1.2.
Is there also a solution without upgrading?
I'm on build 8863 and I'm getting this error.
Not sure how to proceed from here.
So, we upgraded to v6 8993 yesterday and were able to consume our TLS 1.2 Web Service endpoint. We couldn't find any way whatsoever to influence the web service call via code.
I was checking for documentation but could not find one but can you double check and confirm the build you are on. It has worked for me with any server name in build 8896 so I am not sure which version you are on.
Also , you can try formatting the httpclientrequest into a curl request using the execCommand function like this :
execCommand("curl https://www.myapiaddress.com > /tmp/file")
res = loadFile("/tmp/file")
I'm also very interested on how to achieve this. I currently get the same error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (code 336032784)
We're on build number 8721.
Documentation or example would be highly appreciated.
Any thoughts on this? I'm hoping that you have a documented object property of HttpClientRequest to implement your solution, as I cannot find any documentation that says how to pass the ServerName parameter into the call. Is the server name passed as a property of HttpClientRequest or via an HTTP header?
From how I understand it, the Adobe CM JS engine exposes "HttpClientRequest" for our use and you've built the implementation around functions exposed by OpenSSL. Therefore, the only way as an Adobe CM customer to implement your recommendation is through the HttpClientRequest object, as we have no access to your implementation to directly provide the OpenSSL parameters that you describe in your reply.
An example of passing this parameter through HttpClientRequest would be ideal, if you don't have formal documentation.
BTW, I was wrong with our build number: we're on 8795.
Thank you again!
Hi Adhiyan, and thanks for the reply.
Can you please let us know how to do this? Thanks!
The issue happens because Adobe Campaign does not support SNI (server name indication) . If we use Open SSL and indicate the servername like this : openssl s_client -connect <http_url>:443 -servername <url of server> it would work and get the SSL certificate details however a call like this fails :
openssl s_client -connect <http_url>:443 .
So you need to include and pass the server name as a parameter in your HttpClientRequest
By the way , SNI for Campaign was introduced on build 8891 and above , so can you double check the server version because it should work in 8931 without SNI.
Also, TLS1.2 is already supported as I verified in the SSL cipher suites for Campaign.