Httpclient issue with tls

Hi -
I’m trying to use httpClient for the first time - but am getting an ‘unable to post’ error. And I think it’s related to an out of date TLS protocol. I am trying bypass_cert_validation, but am still getting the error. It works in postman.

headers = {"CompanyDB":"dummy","UserName":"dummy","Password":"dummy"}
Response = system.net.httpClient(bypass_cert_validation=True).post("https://hanab1:50000/b1s/v1/Login", headers=headers).json

Any help would be appreciated. Thanks.

The server you are targeting is out of date. Newer versions of java block the insecure TLS versions it wants to use. Same problem others have encountered with Database connections:

The correct solution is have the operators of that server upgrade their security.
The alternate solution is for you to re-enable old TLS on your end as described in that topic.

1 Like

Thank pturmel. I am encouraging them to upgrade their server; and I did also re-enable the old TLS by editing the java.security file and removing the references to TLSv1 and TLSv1.1. Then I restarted the server. That didn’t work for me.

The security file is JVM-wide, but the Java HttpClient has its own SSL configuration that specifies which protocols are allowed as well.

Seeing something that only supports TLS 1.0 is pretty uncommon… how old is this hardware/software?

1 Like

Yeah - it’s SAP Business One Version 9.3. Apparently, according to this post (Service Layer and TLSv1 | SAP Community) it only supports TLS V1.0.

Edit: version 9 was released in 2013, and 9.3 in 2017.

It might be worth trying system.net.httpPost after having re-enabled TLS 1.0 in the Java security file. It’s a different implementation than system.net.httpClient and might allow TLS 1.0 if it’s enabled in general.

Thanks for the help. I tried that already as well. No luck - same error.

Are you sure you edited the correct java.security file? The embedded java in the launchers has one separate from the system’s copy.

Thanks - yes I edited the one in the Ignition folder. I think our IT team has a solution, using some sort of intermediary/proxy server. Thanks for all the help!

When running from the script console, or from a Vision client, the java.security file that matters is the one the launcher is using, not the gateway’s.