Hi, I'm using 4D 15.4 build 15.208269. Am running into problems with web pages served by the 4D Web Server via SSL (https) being rejected by browsers (Chrome, Firefox) for having an insecure algorithm (RC4). It's recommended to change the settings on the server to disable this cipher.
I think I can do this via the SET DATABASE PARAMETER using option 64, SSL cipher list. However, when I use Get database parameter using this option (to see what's currently set and then just modify this), the result is a blank string for "$vList": C_TEXT($vList) $vNotUsed:=Get database parameter(SSL cipher list;$vList) What am I doing wrong? I've tried this on both 4D standalone as well as 4D Server. Same result; nothing returned for the cipher list. The https://ssldecoder.org site shows the following ciphers in use for the web server running under 4D v15.4: AES256-GCM-SHA384 AES256-SHA256 AES256-SHA CAMELLIA256-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA CAMELLIA128-SHA RC4-SHA So, I think all I need to do is disable the RC4 cipher and that should fix the problem, no? I think all I need to do is add a "!" before the RC4 ciphers in the list to disable it. Then web browsers should stop complaining and serve up the pages without problem, correct? But, if Get database parameter isn't working (or I'm doing something wrong), I'm very hesitant to apply SET DATABASE PARAMETER to change anything. Anybody else run into this, and have a solution? Thanks! Michael Larue Dimension IV Consulting, LLC ********************************************************************** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: http://lists.4d.com/mailman/options/4d_tech Unsub: mailto:[email protected] **********************************************************************
