-
-
Notifications
You must be signed in to change notification settings - Fork 367
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to Force TLS1.2 Connection? #769
Comments
It appears that because it informs .SecureProtocols([THTTPSecureProtocol.TLS12]) it is not being respected, causing the bank to reject the request with the message: Error sending data: (12175) Security error Has anyone else experienced this? |
I had to migrate to the indy components, and with that it worked perfectly. So it is clear that DMVC today is not using tls 1.2, but I believe it is possible to adjust this in the framework core. |
Ainda continua |
I simulated a connection that only accepts TLS 1.2 and the problem did not occur. So it is probably some additional validation that the API you are accessing requires. program Project1;
{$APPTYPE CONSOLE}
{$R *.res}
uses
System.SysUtils,
MVCFramework.RESTClient.Intf,
MVCFramework.RESTClient;
var
LResponse: IMVCRESTResponse;
begin
try
LResponse := TMVCRESTClient.New
.SecureProtocols([THTTPSecureProtocol.TLS12])
.Get('https://test-tls12.messagemedia.com');
Writeln(LResponse.Content);
except
on E: Exception do
Writeln(E.ClassName, ': ', E.Message);
end;
Readln;
end. |
Yes, I carried out your test and in fact we have the return as "TSL 1.2" in fact it is something on the Banco do Brasil side, or some encryption that is not accepted by BB, but I opened a forum at the Bank, in order to try to investigate, I don't know I have some progress on this, but for now I had to migrate to Indy for these requests |
seguimos e informo quando tiver o retorno do Banco We will follow up and let you know when we hear back from the Bank. |
Boa noite, Para que as requisições sejam atendidas em PIX/v2 o BB exige além do TLS 1.2 (exclusivamente) os certificados previamente enviados via Portal Developers para a API desejada, com os arquivos CRT+KEY gerados a partir do mesmo via open SSL. Esta mensagem de erro de segurança não parece ter sido enviada por nosso Ambiente. Outra característica é que são suportadas apenas as cifras abaixo: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Se sua aplicação enviar as requisições conforme especificações acima, deverão ser atendidas normalmente. Acredito que esse seja o ponto a cifra!!! I believe this is the point of the figure, is there any way to adjust this? |
I need to integrate with a Bank's API (Banco do Brasil) and it requires the use of TLS1.2, even if I pass the parameter below, it has no effect and I receive a security error. Is there any way to form the connection using TLS1.2?
The text was updated successfully, but these errors were encountered: