Adobe Classic v6: Enforce TLS 1.2 with HttpClientRequest

Avatar

Avatar
Validate 1
Level 1
mroshaw
Level 1

Likes

0 likes

Total Posts

5 posts

Correct reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 1
mroshaw
Level 1

Likes

0 likes

Total Posts

5 posts

Correct reply

0 solutions
Top badges earned
Validate 1
View profile
mroshaw
Level 1

31-05-2018

We are using HttpClientRequest to consume an external REST API in JavaScript. The external provider recently pulled support for SSL and our remote call now fails, we're told because we must now use the TLS 1.2 protocol when consuming their service.

IOB-090020 Error in SSL library: 'IOB-090013 error: 14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (code 336032784)

Can we force HttpClientRequest to use TLS 1.2 in code? Or does this require a ServerConf.xml file change?

We're on v6 build 8931, and that build uses the latest 1.x OpenSSL libraries (so we're told).

Thanks!

8931

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Springboard
MVP
Amit_Kumar
MVP

Likes

329 likes

Total Posts

649 posts

Correct reply

231 solutions
Top badges earned
Springboard
Ignite 5
Ignite 3
Ignite 1
Validate 10
View profile

Avatar
Springboard
MVP
Amit_Kumar
MVP

Likes

329 likes

Total Posts

649 posts

Correct reply

231 solutions
Top badges earned
Springboard
Ignite 5
Ignite 3
Ignite 1
Validate 10
View profile
Amit_Kumar
MVP

11-06-2018

Hi Martin,

You need to upgrade your build to 8896 or high¨re to use TLS 1.2.

Regards,

Amit

Answers (7)

Answers (7)

Avatar

Avatar
Validate 1
Level 2
LeonieSwart
Level 2

Likes

12 likes

Total Posts

30 posts

Correct reply

2 solutions
Top badges earned
Validate 1
Give Back 5
Give Back 3
Give Back
Boost 5
View profile

Avatar
Validate 1
Level 2
LeonieSwart
Level 2

Likes

12 likes

Total Posts

30 posts

Correct reply

2 solutions
Top badges earned
Validate 1
Give Back 5
Give Back 3
Give Back
Boost 5
View profile
LeonieSwart
Level 2

23-08-2018

Is there also a solution without upgrading?
I'm on build 8863 and I'm getting this error.

Not sure how to proceed from here.

Thanks!

Avatar

Avatar
Validate 1
Level 1
mroshaw
Level 1

Likes

0 likes

Total Posts

5 posts

Correct reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 1
mroshaw
Level 1

Likes

0 likes

Total Posts

5 posts

Correct reply

0 solutions
Top badges earned
Validate 1
View profile
mroshaw
Level 1

20-06-2018

So, we upgraded to v6 8993 yesterday and were able to consume our TLS 1.2 Web Service endpoint. We couldn't find any way whatsoever to influence the web service call via code.

Avatar

Avatar
Establish
Employee
Adhiyan
Employee

Likes

241 likes

Total Posts

343 posts

Correct reply

124 solutions
Top badges earned
Establish
Give Back 50
Give Back 25
Give Back 10
Give Back 5
View profile

Avatar
Establish
Employee
Adhiyan
Employee

Likes

241 likes

Total Posts

343 posts

Correct reply

124 solutions
Top badges earned
Establish
Give Back 50
Give Back 25
Give Back 10
Give Back 5
View profile
Adhiyan
Employee

08-06-2018

Hi Mrow,

I was checking for documentation but could not find one but can you double check and confirm the build you are on. It has worked for me with any server name in build 8896 so I am not sure which version you are on.

Also , you can try formatting the httpclientrequest into a curl request using the execCommand function like this :

execCommand("curl https://www.myapiaddress.com > /tmp/file")

res = loadFile("/tmp/file")

Regards,

Adhiyan

Avatar

Avatar
Level 1
Martin_Wildeman
Level 1

Likes

0 likes

Total Posts

1 post

Correct reply

0 solutions
View profile

Avatar
Level 1
Martin_Wildeman
Level 1

Likes

0 likes

Total Posts

1 post

Correct reply

0 solutions
View profile
Martin_Wildeman
Level 1

08-06-2018

I'm also very interested on how to achieve this. I currently get the same error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (code 336032784)

We're on build number 8721.

Documentation or example would be highly appreciated.

Avatar

Avatar
Validate 1
Level 1
mroshaw
Level 1

Likes

0 likes

Total Posts

5 posts

Correct reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 1
mroshaw
Level 1

Likes

0 likes

Total Posts

5 posts

Correct reply

0 solutions
Top badges earned
Validate 1
View profile
mroshaw
Level 1

04-06-2018

Hi Adhiyan,

Any thoughts on this? I'm hoping that you have a documented object property of HttpClientRequest to implement your solution, as I cannot find any documentation that says how to pass the ServerName parameter into the call. Is the server name passed as a property of HttpClientRequest or via an HTTP header?

From how I understand it, the Adobe CM JS engine exposes "HttpClientRequest" for our use and you've built the implementation around functions exposed by OpenSSL. Therefore, the only way as an Adobe CM customer to implement your recommendation is through the HttpClientRequest object, as we have no access to your implementation to directly provide the OpenSSL parameters that you describe in your reply.

An example of passing this parameter through HttpClientRequest would be ideal, if you don't have formal documentation.

BTW, I was wrong with our build number: we're on 8795.

Thank you again!

Avatar

Avatar
Validate 1
Level 1
mroshaw
Level 1

Likes

0 likes

Total Posts

5 posts

Correct reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 1
mroshaw
Level 1

Likes

0 likes

Total Posts

5 posts

Correct reply

0 solutions
Top badges earned
Validate 1
View profile
mroshaw
Level 1

01-06-2018

Hi Adhiyan, and thanks for the reply.

Can you please let us know how to do this? Thanks!

Oli

Avatar

Avatar
Establish
Employee
Adhiyan
Employee

Likes

241 likes

Total Posts

343 posts

Correct reply

124 solutions
Top badges earned
Establish
Give Back 50
Give Back 25
Give Back 10
Give Back 5
View profile

Avatar
Establish
Employee
Adhiyan
Employee

Likes

241 likes

Total Posts

343 posts

Correct reply

124 solutions
Top badges earned
Establish
Give Back 50
Give Back 25
Give Back 10
Give Back 5
View profile
Adhiyan
Employee

01-06-2018

Hi ,

The issue happens because Adobe Campaign does not support SNI (server name indication) . If we use Open SSL and indicate the servername like this : openssl s_client -connect <http_url>:443 -servername <url of server> it would work and get the SSL certificate details however a call like this fails :

openssl s_client -connect <http_url>:443 .

So you need to include and pass the server name as a parameter in your HttpClientRequest

By the way , SNI for Campaign was introduced on build 8891 and above , so can you double check the server version because it should work in 8931 without SNI.

Also, TLS1.2 is already supported as I verified in the SSL cipher suites for Campaign.

Regards,
Adhiyan