Hi Keisuke,

Many thanks for your prompt reply!

> I think you need to specifically set a list with SET,
> or else the default hard-coded setting is used but the function returns "".

Interesting. Since I wasn't getting any result back from the GET function, I 
was a little hesitant to try the SET function, in case this screwed things up.

I downloaded the "10-07_SSLKeys_CipherList" tech note, which was originally 
written for version 11 I think; I opened it under version 12, and it worked as 
expected (showing the "default" ciphers on the right pane when the window is 
first opened). However, when opening under version 15, the default cipher list 
was blank. 

Looking at the code, as expected, it's using the GET and SET database parameter 
64 call; however, under version 12 the GET works without any prior call to SET 
required to show what's the default. Apparently this was changed (broken) in 
v15. 

OK, I'll give this a try (using the SET) to see if the GET will then work (and 
it won't blow up my SSL :-).

> you could set a value found here

Tim Penner actually wrote in the thread "RE: Most Current Cipher List for 4D 
and questions regarding OpenSSL versions being used" back on Dec 6, 2016, that 
he's using this suite:

"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-"+"SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:A"+"ES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
 

This looks good to me; as mentioned, I mainly want to get rid of RC4 so the 
browsers won't complain, which it looks like this should do (the "!RC4" listed 
at the end).

Is there anything else I should look at or be aware of in order to fix this 
problem (browser complaining about insecure SSL)?

For implementation, looks like all I need to do is call SET DATABASE PARAMETER 
with this list, then START WEB SERVER and all should be well, yes? I'm running 
the web server on 4D Client, so I assume this won't survive a restart of 4D, 
but must be called each time prior to starting the web server, yes?

Again, many thanks for your prompt reply!

Cheers!

Michael Larue
Dimension IV Consulting, LLC
**********************************************************************
4D Internet Users Group (4D iNUG)
FAQ:  http://lists.4d.com/faqnug.html
Archive:  http://lists.4d.com/archives.html
Options: http://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:[email protected]
**********************************************************************
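
Added example (not part of the original message, and not 4D code): before passing a cipher string to the web server, it can be expanded with OpenSSL to see which suites it really selects, which tokens match nothing, and whether any RC4, NULL, export or MD5 suites survive the exclusions. The sketch uses Python's standard `ssl` module and a subset of the tokens quoted above; it reports on the OpenSSL build Python is linked against, which is assumed here to stand in for, and may differ from, the one bundled with a given 4D version.

```python
import ssl

# Subset of the tokens from the list quoted in the message above.
CIPHER_LIST = (
    "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:"
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:"
    "ECDHE-RSA-DES-CBC3-SHA:AES128-SHA:"
    "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
)


def expand(cipher_string):
    """Return the suite names the local OpenSSL selects for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()]


def audit(cipher_string, banned=("RC4", "NULL", "EXP", "MD5")):
    """Return (effective suites, tokens matching nothing, banned suites left)."""
    names = expand(cipher_string)
    unmatched = []
    for token in cipher_string.split(":"):
        # Exclusion/ordering tokens (!x, -x, +x, @x) select nothing by themselves.
        if not token or token[0] in "!-+@":
            continue
        try:
            expand(token)
        except ssl.SSLError:
            # OpenSSL silently skips such a token inside a longer list, so a
            # mistyped suite name would otherwise go unnoticed.
            unmatched.append(token)
    hits = [n for n in names if any(b in n for b in banned)]
    return names, unmatched, hits


if __name__ == "__main__":
    names, unmatched, hits = audit(CIPHER_LIST)
    print(ssl.OPENSSL_VERSION)
    print("effective suites:", len(names))
    for n in names:
        print("   ", n)
    print("tokens matching nothing on this build:", unmatched or "none")
    print("banned suites still enabled:", hits or "none")
```

TLS 1.3 suites appear in the output regardless of the string, because OpenSSL configures them separately from this list.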
