Adobe ExtendScript http request fails: no shared cipher

Question

For my Adobe CEP project I try to call to a REST API over https from the Javascript side:

var xmlhttp = new XMLHttpRequest();
xmlhttp.open('GET', 'https://***/api/books', true);
xmlhttp.setRequestHeader('Authorization', 'Basic NDI5MDk...');
xmlhttp.send(null);
if(xmlhttp.status == 200) {
  alert(xmlhttp.responseText);
}

The code triggers the following output in the console:

net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Looking at the nginx server log on the other side, there is only a single error message:

2016/09/29 11:25:34 [info] 7048#7048: *4396957 SSL_do_handshake() failed (SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher) while SSL handshaking, client: **.**.**.**, server: 0.0.0.0:443

Other clients have no problems connecting to the server. The web server is very stable and well maintained, runs TSL 1.2 and supports all secure ciphers:

443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 4096) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 4096) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

What is happening here? What would be the appropriate way to investigate, better yet to fix this problem?

Hi Jens, you wrote that you started this code from your Adobe ExtendScript, but as far as I know there is no XMLHttpRequest() object for Extendscript. *I would be very interested if that is really an option*. I got "XMLHttpRequest does not have a constructor" error, trying your code as an ExtendScript now. Perhaps you were referring to a normal javascript js file in a CEP (html panels) solution, and that you raised an event from the ExtendScript to start your request? — Andreas Jansson, Apr 19 '18 at 14:09
@AndreasJansson, yes, my bad, correcting the writeup. I’ve used the Javascript side in a CEP project and not the ExtendScript side. However, you may be interested in this solution: https://github.com/grefel/restix — Jens, Apr 19 '18 at 21:58

Jens · Accepted Answer · 2018-04-19T22:01:09.433

0

It turns out that InDesign's Javascript side is unable to establish a connection using TLS 1.2. After enabling TLS 1 and 1.1 on our server (while maintaining our A+ rating), everything worked.

edited Apr 19 '18 at 22:01

answered Oct 12 '16 at 20:55

Jens

121
4

Adobe ExtendScript http request fails: no shared cipher

1 Answers1