Greetings, all!

We're running UniVerse 11.3.4 on AIX 7.2
If I remember correctly from some previous posts, UniVerse has it's own embedded version of openssl that it uses instead of the AIX version.  If that is correct, is there a way to list (or somehow look up) the ciphers that UniVerse is using?

We're making https (443) API calls to a middleware server (Windows-based, running Apache Tomcat) from within the UniVerse environment and we're getting the message:

   This combination of host and port requires TLS.

If we make the calls over http (80), they work just fine, but we need them to be over 443.

Our network folks are thinking we might have a cipher conflict (one side or the other not using the same ciphers), but I don't know how to determine which ciphers UniVerse is using.  Any help with this would be greatly appreciated.  Or, if anyone has seen this issue before and knows the solution to the issue, that would be even better! 

Thanks!
Brian

Okay....scratch my original question.  I found the info for that step of the troubleshooting on one of Rocket's Blogs:

   https://www.rocketsoftware.com/blogs/things-you-need-know-about-openssl-111

So I ran a version of the sample program in that blog, and checked the resulting log and found the following error:
   4294967296:error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available:ssl/statem/statem_clnt.c:1114:

I checked the uvconfig file, and there are three TLS versions listed as enabled.  Unfortunately, the blog at the above link only shows successful setup.  :-)

I'll keep digging through the blogs and the docs to see if I can find some troubleshooting info, but if anyone can point me in the right direction it would save me a bunch of time.

Thanks again!

Greetings, all!

We're running UniVerse 11.3.4 on AIX 7.2
If I remember correctly from some previous posts, UniVerse has it's own embedded version of openssl that it uses instead of the AIX version.  If that is correct, is there a way to list (or somehow look up) the ciphers that UniVerse is using?

We're making https (443) API calls to a middleware server (Windows-based, running Apache Tomcat) from within the UniVerse environment and we're getting the message:

   This combination of host and port requires TLS.

If we make the calls over http (80), they work just fine, but we need them to be over 443.

Our network folks are thinking we might have a cipher conflict (one side or the other not using the same ciphers), but I don't know how to determine which ciphers UniVerse is using.  Any help with this would be greatly appreciated.  Or, if anyone has seen this issue before and knows the solution to the issue, that would be even better! 

Thanks!
Brian

Brian,

What do the following commands return, the output below is from one of our internal AIX servers which works with Chengs example in the blog, I know you might have checked these already so if you have I apologise but want to discount any problems here first of all 

# smat -t | grep SSL
*    SSL_PROTOCOLS  =   TLSv1.1,TLSv1.2,TLSv1.3
*    SSL_OPTIONS  =   NO_TLS_FALLBACK_SCSV

# openssl version
OpenSSL 1.1.1n  15 Mar 2022