Hi @billyboy
EZD use either OpenSSL (Linux) or WinInet (Windows) to perform TLS security.
If you are on Linux, then please check the OpenSSL version.
If you are on Windows, then verify that TLS1.2 is set in Control Panel > Internet Options > Advanced > Security settings.
TLS version Elektron Zero Daemon
Is there a way to configure which version of TLS the Elektron Zero Daemon is using for connections over the internet? I have EZD version 1.2.1.L1. By default it appears to be using TLS v1.0.
------------
Edit:
We are running on Linux, and the OpenSSL version that we have is: OpenSSL 1.0.1e-fips 11 Feb 2013
This is also the version listed in the EZD Install documentation. I believe this version should support TLSv1.2. However, when we run EZD it is defaulting to v1.0.
I get the following error in ezd.log:
Text: <Impl/ripcsslutils.c:932> ripc11SSLInitConnection error on SSL_connect SSL Error: 1 retVal: 0 errno: 0 9372714094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:
When I just connect to the endpoints with the same version of openssl, it defaults to TLSv1.2 and returns the server certificate.
openssl s_client -connect amers1.streaming-ec.cp.thomsonreuters.com:443
...
SSL-Session:
Protocol : TLSv1.2
...
Best Answer
-
EZD 1.2 appears to be hardcoded to use TLSv1.0 (at least the Linux release). It appears to call "TLSv1_client_method(void)". The OpenSSL docs recommend using the general-purpose TLS_client_method(void) which allows the client/server to negotiate on the highest version supported by both client and server.
We had to update to EZD 1.3 which does support TLSv1.2.
0
Answers
-
Hi @billyboy
EZD use either OpenSSL (Linux) or WinInet (Windows) to perform TLS security.
If you are on Linux, then please check the OpenSSL version.
If you are on Windows, then verify that TLS1.2 is set in Control Panel > Internet Options > Advanced > Security settings.
0 -
Thanks @warat.boonyanit
We are running on Linux, and the OpenSSL version that we have is: OpenSSL 1.0.1e-fips 11 Feb 2013
This is also the version listed in the EZD Install documentation. I believe this version should support TLSv1.2. However, when we run EZD it is defaulting to v1.0. Any help would be appreciated.
0 -
EZD will load the OpenSSL lib from libssl.so.10
So, make sure that your /usr/lib64/libssl.so.10 link is linked to the latest OpenSSL lib.
Otherwise, you can specify the OpenSSL lib name in ezd.cnf file. The parameter is:
*ezd*libNameOpenSSL
0 -
I am fairly certain the problem is not with EZD finding the OpenSSL library. My /usr/lib64/libssl.so.10 is linked to the same version of the library that we have installed.
bash-4.1$ ls -al /usr/lib64/libssl.so.10
lrwxrwxrwx 1 root root 16 Jan 20 04:27 /usr/lib64/libssl.so.10 -> libssl.so.1.0.1eAnyway, we are able to connect to the Thomson Reuters endpoints with EZD, but it uses TLSv1.0 when it connects. I am trying to figure out how to get EZD to use TLSv1.2.
When I connect ONLY using OpenSSL, it does connect to the TR endpoints with TLSv1.2.
Does EZD not support TLSv1.2?
0
Categories
- All Categories
- 6 AHS
- 36 Alpha
- 166 App Studio
- 6 Block Chain
- 4 Bot Platform
- 18 Connected Risk APIs
- 47 Data Fusion
- 34 Data Model Discovery
- 684 Datastream
- 1.4K DSS
- 613 Eikon COM
- 5.2K Eikon Data APIs
- 10 Electronic Trading
- Generic FIX
- 7 Local Bank Node API
- 3 Trading API
- 2.9K Elektron
- 1.4K EMA
- 248 ETA
- 552 WebSocket API
- 37 FX Venues
- 14 FX Market Data
- 1 FX Post Trade
- 1 FX Trading - Matching
- 12 FX Trading – RFQ Maker
- 5 Intelligent Tagging
- 2 Legal One
- 23 Messenger Bot
- 3 Messenger Side by Side
- 9 ONESOURCE
- 7 Indirect Tax
- 60 Open Calais
- 275 Open PermID
- 44 Entity Search
- 2 Org ID
- 1 PAM
- PAM - Logging
- 6 Product Insight
- Project Tracking
- ProView
- ProView Internal
- 22 RDMS
- 1.9K Refinitiv Data Platform
- 629 Refinitiv Data Platform Libraries
- 4 LSEG Due Diligence
- LSEG Due Diligence Portal API
- 4 Refinitiv Due Dilligence Centre
- Rose's Space
- 1.2K Screening
- 18 Qual-ID API
- 13 Screening Deployed
- 23 Screening Online
- 12 World-Check Customer Risk Screener
- 1K World-Check One
- 46 World-Check One Zero Footprint
- 45 Side by Side Integration API
- 2 Test Space
- 3 Thomson One Smart
- 10 TR Knowledge Graph
- 151 Transactions
- 143 REDI API
- 1.8K TREP APIs
- 4 CAT
- 26 DACS Station
- 121 Open DACS
- 1.1K RFA
- 104 UPA
- 191 TREP Infrastructure
- 228 TRKD
- 915 TRTH
- 5 Velocity Analytics
- 9 Wealth Management Web Services
- 86 Workspace SDK
- 11 Element Framework
- 5 Grid
- 18 World-Check Data File
- 1 Yield Book Analytics
- 46 中文论坛