1. Hugo Moors
  2. PowerBuilder
  3. Thursday, 13 October 2022 13:50 PM UTC

I'm having some problems connecting to an old Radius server that is stuck on TLS1.0

I'm getting error -19 in HTTPClient mode and -33 in RESTClient = "TLS 1.3 error. The server does not support TLS 1.3."

I've set both SecureProtocol and IgnoreServerCertificate to 0 (setting SecureProtocol to 3 TLS1.0, or any other setting = same result -33 or -19)

If I set IgnoreServerCertificate to anything else I get -14 (http) or -25 (rest) = The application experienced an internal error loading the SSL libraries.

 

The application was using an OleObject (Msxml2.XMLHTTP) which started failing (runtime error on obj.send() command), we are thinking the cause is a windows update that started blocking TLS1.0

I changed the code to HTTPClient and RESTClient but keep running into that -33 -19

We know this server will have to be retired and are working to do so but I'm able to get FireFox through so why is PowerBuilder not going through?

(in Firefox I've had to change security.tls.version.max to 3 and min to 1) In Chrome it is not even possible to set those settings.

 

Using the demo site https://demo.appeon.com/PB/webapi_client/employee/102 I get the expected result.

(PB2022 22.0.0.1878 32bit application)

 

 
Accepted Answer
Mark Lee @Appeon Accepted Answer Pending Moderation
  1. Thursday, 5 October 2023 05:44 AM UTC
  2. PowerBuilder
  3. # Permalink
Hi Hugo, Thanks for your feedback. At present, we can reproduce this problem, when the Windows client does not support TLS1.0, and the Server client only supports TLS1.0, this -19 error occurs. Therefore, we recommend you check whether the Windows client is set to disable TLS1.0, or verify this problem using other Windows clients. You can refer to the following link to check whether the Enabled value of the following path in the registry is 1: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS1.0\Client https://windowsreport.com/how-to-disable-tls-1-0 https://learn.microsoft.com/en-us/answers/questions/47472/how-to-disable-protocols.html You need to set the value to 1, then restart the computer and test the problem again. Regards,
Comment
There are no comments made yet.
Hugo Moors Accepted Answer Pending Moderation
  1. Monday, 17 October 2022 07:38 AM UTC
  2. PowerBuilder
  3. # 1

Thanks for the suggestions

This is what I get for the Security Protocol:

Just want to confirm it. Please open FireFox's Web Developer Tools (F12) and track your actual application request to see if its SecureProtocol is 1.0. 

 

In FireFox I also get this in the headers tab

Also, check whether the Request headers content set in the PB code is the same as the actual Request headers content captured in FireFox.

I'm not sure where to look in PowerBuilder for this with the RestClient object?

I am setting the content type to application/xml same as in FF

lrest_client.setrequestheader("Content-Type","application/xml",TRUE)

When I do a getrequestheaders() I only get this Content-Type header.

It is the same as in Firefox

I keep getting the -33 for httpclient or -19 for restclient return value. 

Comment
  1. Hugo Moors
  2. Friday, 21 October 2022 06:45 AM UTC
Thanks this worked
  1. Helpful
There are no comments made yet.
Mark Lee @Appeon Accepted Answer Pending Moderation
  1. Friday, 14 October 2022 07:05 AM UTC
  2. PowerBuilder
  3. # 2

Hi Hugo,

 

 

Just want to confirm it. Please open FireFox's Web Developer Tools (F12) and track your actual application request to see if its SecureProtocol is 1.0. 

Also, check whether the Request headers content set in the PB code is the same as the actual Request headers content captured in FireFox.

Most of the time it's due to some setup, but it could also be a bug.

Regards,

 

 

Comment
  1. Armeen Mazda @Appeon
  2. Friday, 14 October 2022 14:23 PM UTC
Please try what Mark suggested, and if problem still persists then open support ticket as it might be a bug of PowerBuilder: https://www.appeon.com/standardsupport/newbug
  1. Helpful 1
There are no comments made yet.
Hugo Moors Accepted Answer Pending Moderation
  1. Thursday, 13 October 2022 18:11 PM UTC
  2. PowerBuilder
  3. # 3

One thing I'm thinking about is that this server requires a login that is provided in the url https://user:pwd@server perhaps that is not allowed but I don't know or found examples how to authenticate in another way to this server.

Comment
There are no comments made yet.
Armeen Mazda @Appeon Accepted Answer Pending Moderation
  1. Thursday, 13 October 2022 16:24 PM UTC
  2. PowerBuilder
  3. # 4

Since you know the server is expecting TLS 1.0, what happens when you set SecureProtocol property to 3 (so it forces TLS 1.0): https://docs.appeon.com/pb2022/objects_and_controls/ch03s266s01.html

 

Comment
  1. Hugo Moors
  2. Thursday, 13 October 2022 18:06 PM UTC
Tried it, same result -19 or -33



" I've set both SecureProtocol and IgnoreServerCertificate to 0 (setting SecureProtocol to 3 TLS1.0, or any other setting = same result -33 or -19) "



I don't understand why it's an error that mentions TLS1.3 ...
  1. Helpful
  1. Hugo Moors
  2. Thursday, 13 October 2022 18:09 PM UTC
I made a little script looping all possible values of SecureProtocol and IgnoreServerCertificate

Nothing worked any other value for IgnoreServerCertificate results in -14/25, any value for SecureProtocol gives -19/33
  1. Helpful
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.