2 Replies Latest reply on May 8, 2017 10:38 PM by RorohikoKris

    InDesign http request fails: no shared cipher

    Jens Troeger Level 1

      Hello,

       

      From my ExtendScript I am trying to call a server over HTTPS:

       

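        var xmlhttp = new XMLHttpRequest();
        // Third argument true = asynchronous, so the response is read in a callback
        xmlhttp.open('GET', 'https://***/api/books', true);
        xmlhttp.setRequestHeader('Authorization', 'Basic NDI5MDk...');
        xmlhttp.onreadystatechange = function () {
          // readyState 4 = request finished
          if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
            alert(xmlhttp.responseText);
          }
        };
        xmlhttp.send(null);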

       

      The code triggers the following output in the console:

       

      net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH

       

      Tracking the request content, it seems that ExtendScript uses Version: 3.2 (TLS/1.1) and then Version: 3.1 (TLS/1.0). But looking at the server log on the other side, there is only a single error message:

       

      2016/09/29 11:25:34 [info] 7048#7048: *4396957 SSL_do_handshake() failed (SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher) while SSL handshaking, client: **.**.**.**, server: 0.0.0.0:443

       

      The web server is very stable and well maintained, runs TLS 1.2 and supports all secure ciphers:

       

      443/tcp open  https
      | ssl-enum-ciphers:
      |   TLSv1.2:
      |     ciphers:
      |       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
      |       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
      |       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 4096) - A
      |       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096) - A
      |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
      |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
      |       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 4096) - A
      |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 4096) - A
      |       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
      |       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
      |       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
      |       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
      |     compressors:
      |       NULL
      |     cipher preference: server
      |_  least strength: A

       

      What is happening here? Is there a problem between TLS 1.0/1.1 on the client and 1.2 on the server side? What would be the appropriate way to handle this problem?

       

      Thank you!
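
An added example, not part of the original post: every suite in the scan above (GCM, or CBC with a SHA256/SHA384 MAC) is defined only for TLS 1.2, so a client whose highest offered version is TLS 1.1 has nothing it can select, which is what the server's "no shared cipher" entry reports. The sketch below checks a scan against a client's maximum version; the function names and the name-based version rule are assumptions of this example, and the scan text is an excerpt of the output quoted in the post.

```javascript
// Excerpt of the ssl-enum-ciphers output quoted in the post (4 of its 12 suites).
const SERVER_SCAN = [
  "|   TLSv1.2:",
  "|     ciphers:",
  "|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A",
  "|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 4096) - A",
  "|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A",
  "|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A",
].join("\n");

// Pull the suite names out of nmap's "|   TLS_... (kex) - grade" lines.
// Header lines such as "|   TLSv1.2:" do not match and are skipped.
function parseSuites(scanText) {
  return scanText.split("\n")
    .map((line) => /^\|\s+(TLS_[A-Z0-9_]+)\b/.exec(line))
    .filter(Boolean)
    .map((m) => m[1]);
}

// Lowest TLS 1.x minor version in which a suite can be negotiated.
// Heuristic from the suite name (assumption of this example): only suites whose
// name ends in _SHA or _MD5 exist before TLS 1.2; GCM/CCM/ChaCha20 and
// *_SHA256/*_SHA384 suites need TLS 1.2; names without _WITH_ are TLS 1.3 suites.
function minTlsMinor(suite) {
  if (!suite.includes("_WITH_")) return 3;
  return /_(SHA|MD5)$/.test(suite) ? 0 : 2;
}

// Suites a client could negotiate if its highest protocol is TLS 1.<clientMaxMinor>.
function usableSuites(scanText, clientMaxMinor) {
  return parseSuites(scanText).filter((s) => minTlsMinor(s) <= clientMaxMinor);
}

// Client capped at TLS 1.1 (as traced in the post) versus one that offers TLS 1.2.
console.log("TLS 1.1 client:", usableSuites(SERVER_SCAN, 1).length, "usable suites");
console.log("TLS 1.2 client:", usableSuites(SERVER_SCAN, 2).length, "usable suites");
```

An empty result for the client's maximum version means the handshake cannot succeed until the client is able to offer TLS 1.2.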