Discover Refinitiv
MyRefinitiv Refinitiv Perspectives Careers
Created with Sketch.
All APIs Questions & Answers  Register |  Login
Ask a question
  • Questions
  • Tags
  • Badges
  • Unanswered
Search:
  • Home /
  • Elektron /
avatar image
Question by billyboy · Jan 30 at 01:27 PM · elektronezdsecuritytls

TLS version Elektron Zero Daemon

Is there a way to configure which version of TLS the Elektron Zero Daemon is using for connections over the internet? I have EZD version 1.2.1.L1. By default it appears to be using TLS v1.0.

------------

Edit:

We are running on Linux, and the OpenSSL version that we have is: OpenSSL 1.0.1e-fips 11 Feb 2013

This is also the version listed in the EZD Install documentation. I believe this version should support TLSv1.2. However, when we run EZD it is defaulting to v1.0.

I get the following error in ezd.log:

Text: <Impl/ripcsslutils.c:932> ripc11SSLInitConnection error on SSL_connect SSL Error: 1 retVal: 0 errno: 0 93727:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:

When I just connect to the endpoints with the same version of openssl, it defaults to TLSv1.2 and returns the server certificate.

openssl s_client -connect amers1.streaming-ec.cp.thomsonreuters.com:443
...
SSL-Session:
    Protocol  : TLSv1.2
...

People who like this

0 Show 0
Comment
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Replies

  • Sort: 
avatar image
Best Answer
Answer by billyboy · Mar 01 at 09:36 AM

EZD 1.2 appears to be hardcoded to use TLSv1.0 (at least the Linux release). It appears to call "TLSv1_client_method(void)". The OpenSSL docs recommend using the general-purpose TLS_client_method(void) which allows the client/server to negotiate on the highest version supported by both client and server.

We had to update to EZD 1.3 which does support TLSv1.2.

Comment
jirapongse.phuriphanvichai

People who like this

1 Show 0 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
REFINITIV
Answer by Warat B. · Jan 31 at 01:14 AM

Hi @bill.harding

EZD use either OpenSSL (Linux) or WinInet (Windows) to perform TLS security.

If you are on Linux, then please check the OpenSSL version.

If you are on Windows, then verify that TLS1.2 is set in Control Panel > Internet Options > Advanced > Security settings.

Comment

People who like this

0 Show 3 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
billyboy · Jan 31 at 09:13 AM 0
Share

Thanks @Warat B.

We are running on Linux, and the OpenSSL version that we have is: OpenSSL 1.0.1e-fips 11 Feb 2013

This is also the version listed in the EZD Install documentation. I believe this version should support TLSv1.2. However, when we run EZD it is defaulting to v1.0. Any help would be appreciated.

avatar image
REFINITIV
Warat B. ♦♦ billyboy · Feb 01 at 04:23 AM 0
Share

@bill.harding

EZD will load the OpenSSL lib from libssl.so.10

So, make sure that your /usr/lib64/libssl.so.10 link is linked to the latest OpenSSL lib.

Otherwise, you can specify the OpenSSL lib name in ezd.cnf file. The parameter is:

*ezd*libNameOpenSSL

avatar image
billyboy Warat B. ♦♦ · Feb 01 at 08:45 AM 0
Share

@Warat B.

I am fairly certain the problem is not with EZD finding the OpenSSL library. My /usr/lib64/libssl.so.10 is linked to the same version of the library that we have installed.

bash-4.1$ ls -al /usr/lib64/libssl.so.10
lrwxrwxrwx 1 root root 16 Jan 20 04:27 /usr/lib64/libssl.so.10 -> libssl.so.1.0.1e

Anyway, we are able to connect to the Thomson Reuters endpoints with EZD, but it uses TLSv1.0 when it connects. I am trying to figure out how to get EZD to use TLSv1.2.

When I connect ONLY using OpenSSL, it does connect to the TR endpoints with TLSv1.2.

Does EZD not support TLSv1.2?

Watch this question

Add to watch list
Add to your watch list to receive emailed updates for this question. Too many emails? Change your settings >
8 People are following this question.

Related Questions

Is there anyway to monitor status of EC EZD 1 Answer

Is there any C# sample code available for Elektron connect to get TRNA data? 2 Answers

Connection Down for EZD 1 Answer

OmmConsumer registerClient single-threaded? 3 Answers

Error: 1009 - "Unable to get session channel buffer to send message." 1 Answer

  • Feedback
  • Copyright
  • Cookie Policy
  • Privacy Statement
  • Terms of Use
  • Careers
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Spaces
  • Alpha
  • App Studio
  • Block Chain
  • Bot Platform
  • Calais
  • Connected Risk APIs
  • DSS
  • Data Fusion
  • Data Model Discovery
  • Datastream
  • Eikon COM
  • Eikon Data APIs
  • Elektron
    • EMA
    • ETA
    • WebSocket API
  • Elektron Data Platform
  • Legal One
  • Messenger Bot
  • Messenger Side by Side
  • ONESOURCE
    • Indirect Tax
  • Open PermID
    • Entity Search
  • Org ID
  • PAM
    • PAM - Logging
  • ProView
  • ProView Internal
  • Product Insight
  • Project Tracking
  • Rose's Space
  • Screening
    • Qual-ID API
    • Screening Deployed
    • Screening Online
    • World-Check One
    • World-Check One Zero Footprint
  • Side by Side Integration API
  • TR Knowledge Graph
  • TREP APIs
    • CAT
    • DACS Station
    • Open DACS
    • RFA
    • UPA
  • TREP Infrastructure
  • TRIT
  • TRKD
  • TRTH
  • Thomson One Smart
  • Transactions
    • REDI API
  • Velocity Analytics
  • Wealth Management Web Services
  • World-Check Data File
  • Explore
  • Tags
  • Questions
  • Badges