
InDesign http request fails: no shared cipher

Explorer, Sep 29, 2016

Hello,

From my ExtendScript I try to call to a server over https:

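  var xmlhttp = new XMLHttpRequest();
  // The request is asynchronous (third argument true), so the status is only
  // available in the callback, not immediately after send().
  xmlhttp.onreadystatechange = function () {
    if (xmlhttp.readyState === 4 && xmlhttp.status === 200) {
      alert(xmlhttp.responseText);
    }
  };
  xmlhttp.open('GET', 'https://***/api/books', true);
  xmlhttp.setRequestHeader('Authorization', 'Basic NDI5MDk...');
  xmlhttp.send(null);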

The code triggers the following output in the console:

net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Tracking the request content, it seems that ExtendScript uses Version: 3.2 (TLS/1.1) and then Version: 3.1 (TLS/1.0). But looking at the server log on the other side, there is only a single error message:

2016/09/29 11:25:34 [info] 7048#7048: *4396957 SSL_do_handshake() failed (SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher) while SSL handshaking, client: **.**.**.**, server: 0.0.0.0:443

The web server is very stable and well maintained, runs TLS 1.2 and supports all secure ciphers:

443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 4096) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

What is happening here? Is there a problem between TLS 1.0/1.1 on the client and 1.2 on the server side? What would be the appropriate way to handle this problem?

Thank you!


Correct answer

Explorer, Oct 12, 2016

It turns out that InDesign's ExtendScript is unable to establish a connection using TLS 1.2. After enabling TLS 1 and 1.1 on our server (while maintaining our A+ rating), everything worked.

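Added example, not part of the original thread and not the posters' or Adobe's code: every suite in the server's ssl-enum-ciphers listing is a GCM or SHA256/SHA384 suite, and those are defined for TLS 1.2 only, so a client capped at TLS 1.1 has nothing in common with it. The sketch parses that nmap output and filters it by the client's highest version; the function names and the name-based version rule are assumptions made for illustration.

```javascript
// Constructed sample: excerpt of the ssl-enum-ciphers output quoted in the question.
const NMAP_OUTPUT = `
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 4096) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|_  least strength: A`;

const VERSION_ORDER = ['TLSv1.0', 'TLSv1.1', 'TLSv1.2'];

// Parse ssl-enum-ciphers text into { protocol: [suite, ...] }.
function parseEnumCiphers(text) {
  const byProtocol = {};
  let current = null;
  for (const line of text.split('\n')) {
    const proto = line.match(/^\|\s+(SSLv3|TLSv1\.\d):\s*$/);
    if (proto) { current = proto[1]; byProtocol[current] = []; continue; }
    const suite = line.match(/^\|\s+(TLS_[A-Z0-9_]+)\s/);
    if (suite && current) byProtocol[current].push(suite[1]);
  }
  return byProtocol;
}

// Assumed heuristic on IANA suite names: AEAD (GCM/CCM/POLY1305) and
// SHA256/SHA384-MAC suites need TLS 1.2; SHA-1 ("_SHA") suites work from TLS 1.0.
function minVersionFor(suite) {
  return /(_GCM_|_CCM|_POLY1305|_SHA256$|_SHA384$)/.test(suite) ? 'TLSv1.2' : 'TLSv1.0';
}

// Server suites that remain selectable for a client whose highest version is clientMax.
function sharedSuites(serverSuites, clientMax) {
  const cap = VERSION_ORDER.indexOf(clientMax);
  return serverSuites.filter(s => VERSION_ORDER.indexOf(minVersionFor(s)) <= cap);
}

// Summarise what the scan implies for a given client version cap.
function diagnose(nmapText, clientMax) {
  const parsed = parseEnumCiphers(nmapText);
  const all = [...new Set(Object.values(parsed).flat())];
  const usable = sharedSuites(all, clientMax);
  return { protocols: Object.keys(parsed), usable, serverHasUsableSuite: usable.length > 0 };
}

console.log(diagnose(NMAP_OUTPUT, 'TLSv1.1')); // no usable suite: "no shared cipher"
console.log(diagnose(NMAP_OUTPUT, 'TLSv1.2')); // all three sample suites usable
```

A non-empty result only means the server side is compatible; the client must also offer one of the remaining suites for the handshake to complete.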
Contributor, May 08, 2017

Hi all,

Just a quick note. This might or might not be a workaround for this issue.

I've revisited the old GetURL I wrote many years ago, and made a more modern version which does support https as well as http. All smoke and mirrors. More information and source code on my personal blog:

http://coppieters.nz/?p=133

The 'getURL' is whatever is implemented in the Node.js inside of InDesign - so I suspect it will be able to use more recent TLS versions.

Cheers,

Kris (Rorohiko)
