For a deeper look into our Elektron API, look into:

Overview |  Quickstart |  Documentation |  Downloads |  Tutorials |  Articles

question

Upvotes
Accepted
billyboy avatar image
37 3 3 5

TLS version Elektron Zero Daemon

Is there a way to configure which version of TLS the Elektron Zero Daemon is using for connections over the internet? I have EZD version 1.2.1.L1. By default it appears to be using TLS v1.0.

------------

Edit:

We are running on Linux, and the OpenSSL version that we have is: OpenSSL 1.0.1e-fips 11 Feb 2013

This is also the version listed in the EZD Install documentation. I believe this version should support TLSv1.2. However, when we run EZD it is defaulting to v1.0.

I get the following error in ezd.log:

Text: <Impl/ripcsslutils.c:932> ripc11SSLInitConnection error on SSL_connect SSL Error: 1 retVal: 0 errno: 0 93727:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:

When I just connect to the endpoints with the same version of openssl, it defaults to TLSv1.2 and returns the server certificate.

openssl s_client -connect amers1.streaming-ec.cp.thomsonreuters.com:443
...
SSL-Session:
    Protocol  : TLSv1.2
...
elektronrefinitiv-realtimeelektron-sdktls
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Jirapongse avatar image   Jirapongse

@bill.harding

Hi,

I found that you have submitted a case to the EZD support team to verify this issue.

If possible, please share an answer, and then accept it. Therefore, this will guide all community members who have a similar question

Regards,

AHS

2 Answers

· Write an Answer
Upvote
Accepted
billyboy avatar image
37 3 3 5

EZD 1.2 appears to be hardcoded to use TLSv1.0 (at least the Linux release). It appears to call "TLSv1_client_method(void)". The OpenSSL docs recommend using the general-purpose TLS_client_method(void) which allows the client/server to negotiate on the highest version supported by both client and server.

We had to update to EZD 1.3 which does support TLSv1.2.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
warat.boonyanit avatar image
4.4k 10 6 9

Hi @bill.harding

EZD use either OpenSSL (Linux) or WinInet (Windows) to perform TLS security.

If you are on Linux, then please check the OpenSSL version.

If you are on Windows, then verify that TLS1.2 is set in Control Panel > Internet Options > Advanced > Security settings.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

billyboy avatar image billyboy

Thanks @Warat B.

We are running on Linux, and the OpenSSL version that we have is: OpenSSL 1.0.1e-fips 11 Feb 2013

This is also the version listed in the EZD Install documentation. I believe this version should support TLSv1.2. However, when we run EZD it is defaulting to v1.0. Any help would be appreciated.

warat.boonyanit avatar image warat.boonyanit billyboy

@bill.harding

EZD will load the OpenSSL lib from libssl.so.10

So, make sure that your /usr/lib64/libssl.so.10 link is linked to the latest OpenSSL lib.

Otherwise, you can specify the OpenSSL lib name in ezd.cnf file. The parameter is:

*ezd*libNameOpenSSL

Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.