James Francione
asked on
Need to enforce TLS 1.2 in a PERL script running on AIX platform
I have a perl script that is doing a REST call to a server . The REST call is working as designed. I now have to enforce TLS 1.2 for that REST API call in the perl script but I do not know what I have to modify. Any help would be appreciated.
I have until 10/30/2019 to fix as the server receiving the REST call will begin to refuse TLS 1.0 connections.
I have until 10/30/2019 to fix as the server receiving the REST call will begin to refuse TLS 1.0 connections.
What modules are you using for the Rest call?
ASKER
Noci,
sorry, I am not too familiar with using Perl and the REST call as I pretty much cookbooked this:
/usr/opt/perl5/lib/site_pe rl/5.10.1/ REST/Clien t.pm
Please let me know if this answers your question
thank you
sorry, I am not too familiar with using Perl and the REST call as I pretty much cookbooked this:
/usr/opt/perl5/lib/site_pe
Please let me know if this answers your question
thank you
ASKER
sorry, here is the module Client.pm (attached)
Client.pm
Client.pm
Server side code enforces TLS level.
Just setup your server side to follow best practices, which currently means forcing only TLSv1.2 + TLSv1.3 + disabling all other protocols.
This means your PERL script must be able to understand TLSv1.2 for a connection to occur.
So primarily a server side config, rather than client side config.
Just setup your server side to follow best practices, which currently means forcing only TLSv1.2 + TLSv1.3 + disabling all other protocols.
This means your PERL script must be able to understand TLSv1.2 for a connection to occur.
So primarily a server side config, rather than client side config.
Ok the module is then REST::Client from perl,
More info can be found here: https://metacpan.org/pod/REST::Client
AFAICT REST::Client provides no methods to specify this.
Instead it is a wrapper around LWP::Useragent.
You can use that class, or prepare a useragent and pass that to REST::Client.
Along the following:
# Setup the call
my $ua = LWP::UserAgent->new(ssl_op ts => { verify_hostname => 0,
SSL_version => 'tlsv12' });
This $ua can then be set in a REST::Client->new({ UserAgent => $ua ...} )
More info can be found here: https://metacpan.org/pod/REST::Client
AFAICT REST::Client provides no methods to specify this.
Instead it is a wrapper around LWP::Useragent.
You can use that class, or prepare a useragent and pass that to REST::Client.
Along the following:
# Setup the call
my $ua = LWP::UserAgent->new(ssl_op
SSL_version => 'tlsv12' });
This $ua can then be set in a REST::Client->new({ UserAgent => $ua ...} )
ASKER
@David: thank you for your input, however, the issue is that the Server side is a site I don't control. You are correct in that the server side is dictating what they do accept. The owners of the server side began to enforce TLS 1.2, thus denying all of my client side traffic. They agreed to roll back their change to allow me to fix my (client side) to send TLS 1.2 .
@noci,
thank you for your input. I will take a look at this and update you on Monday..
@noci,
thank you for your input. I will take a look at this and update you on Monday..
If that's the case, then noci's suggestion will be best.
ASKER
David,
the developers here understand most of your response, except this portion:
This $ua can then be set in a REST::Client->new({ UserAgent => $ua ...} )
can you please elaborate?
Can you provide the exact syntax in that line, without the three dots after the $ua variable
the developers here understand most of your response, except this portion:
This $ua can then be set in a REST::Client->new({ UserAgent => $ua ...} )
can you please elaborate?
Can you provide the exact syntax in that line, without the three dots after the $ua variable
ASKER
@noci,
the developers here understand most of your response, except this portion:
This $ua can then be set in a REST::Client->new({ UserAgent => $ua ...} )
can you please elaborate?
Can you provide the exact syntax in that line, without the three dots after the $ua variable
the developers here understand most of your response, except this portion:
This $ua can then be set in a REST::Client->new({ UserAgent => $ua ...} )
can you please elaborate?
Can you provide the exact syntax in that line, without the three dots after the $ua variable
You crate a useragent setting Then you pass the created useragent object to the REST::Client when a new object is created.
Here is the description programmers should understand: https://metacpan.org/pod/REST::Client
and this for LWP: https://metacpan.org/pod/LWP
the ... can be:
Here is the description programmers should understand: https://metacpan.org/pod/REST::Client
and this for LWP: https://metacpan.org/pod/LWP
the ... can be:
my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0,
SSL_version => 'tlsv12' });
$client = REST::Client->new({
host => 'https://example.com',
cert => '/path/to/ssl.crt',
key => '/path/to/ssl.key',
ca => '/path/to/ca.file',
useragent => $ua,
timeout => 10,
});
REST::Client uses LWP::UserAgent as a part of it's work.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.