Learn about Security and Auditing

Change the default protocols and ciphers for Progress OpenEdge clients

Save PDF

Table of Contents

Change the default protocols and ciphers for Progress OpenEdge clients

Save PDF

Last Updated: January 16, 2024
1 minute read

OpenEdge
Version 12.8
Documentation

Change the default protocols and ciphers for Progress OpenEdge clients

You can set the protocols and the ciphers for the following client components:

ABL Client:

To set the protocol and cipher for all ABL client connections, export the following environment variables in the startup script of the client application:


Property	Description
`PSC_SSLCLIENT_PROTOCOLS`	Accepts the cryptographic protocol that is set for the client.
`PSC_SSLCLIENT_CIPHERS`	Accepts the cryptographic cipher that is set for the client.
`PSC_TLSCLIENT_SUPPORTEDGROUPS`	Sends the supported groups list from the client to the server in its `ClientHello` message. Note: This feature is only supported for ABL Client Socket ("ABL HTTP Client").

After you export the variables, invoke a Progress OpenEdge client executable and start a session for the client application to use the set cryptographic protocol, cipher, and supported groups.

To set the protocol, cipher, and supported groups for single client connection, you can set the following parameters in the connection-parameters argument of the client’s CONNECT() method:


Connection parameter	Description
`-sslprotocols SSL-protocol-names`	Accepts the cryptographic protocol that is set for the client.
`-sslciphers SSL-protocol-ciphers`	Accepts the valid cryptographic cipher that is set for the client.
`-tlssupportedgroups list`	Sends the supported groups list from the client to the server in its `ClientHello` message. Note: This feature is only supported for ABL Client Socket ("ABL HTTP Client").

Note: You can use ABL clients to create connections with different server components. If you do not set the -sslprotocols and -sslciphers connection parameters using the client’s CONNECT() method, the protocol and cipher values are set using the PSC_SSLCLIENT_PROTOCOLS and PSC_SSLCLIENT_CIPHERS environment variables in the ubroker.properties file (available at <OpenEdge-install-directory>/properties).

Java Open Client: In the client’s Connection object, you can set the following properties using the setStringProperty method of the RunTimeProperties class:


Property	Description
`PROGRESS.Session.sslProtocols`	Accepts the cryptographic protocol that is set for the client.
`PROGRESS.Session.sslCiphers`	Accepts the valid cryptographic cipher that is set for the client.

You can also set these properties as Java system properties.

.NET Open Client: In the client’s app.config file, you can set the Progress.Open4GL.RunTimeProperties.SSLProtocols runtime property with the cryptographic protocol. The cryptographic cipher is automatically set based on the underlying .NET implementation.

REST Adapter: In the runtime.props file (available at $CATALINA_HOME/webapps/application_name/WEB-INF/adapters), set the following properties:


Property	Description
`sslProtocols`	Accepts the cryptographic protocol that is set for the REST application.
`sslCiphers`	Accepts the valid cryptographic cipher that is set for the REST application.