topic howto detect which cipher ciphersuites workspace server uses on windows 2022 in Administration and Deployment

howto detect which cipher ciphersuites workspace server uses on windows 2022

paterd2 — Mon, 27 Jan 2025 13:49:41 GMT

Good afternoon,

we had an CIPHERSUITE issue on windows 2022 and sas 9.4 m8.

ERROR: Secure communications error status 807ff03e description "x.x.x.x: A handshake failure has occurred. This may be because
the remote host cannot support the cipher suites required by the SSL mode."

There were only some cipher suites allowed by the windows team in 2022, we could not get it to work , so they allowed all the old ciphersuites we had in W2012 , now is works fine, but ........they don't like this.

How can i see which ciphersuite is used by SAS or how can I configure this to work on W2022 ?

Regards and TIA
Dik

Re: howto detect which cipher ciphersuites workspace server uses on windows 2022

JackMcGuire — Tue, 28 Jan 2025 08:58:11 GMT

Hi Dik,

The cipher suites used by SAS in SAS 9.4 M8 can be found in the link below:

TLS Versions and Cipher Suites Supported Starting with SAS 9.4M8

(The Cipher Suites Before SAS 9.4 M8 for reference)

On UNIX, the SSLMODE option can be used to control the cipher suites to be used for SAS. The link also details which ciphers are supported in each mode.

I had a issue related to Cipher Suites on SAS 9.4 M8 on Windows where the PowerShell command was returning 0s next to all the Cipher Suite Names:

get-tlsciphersuite | format-table -property ciphersuite, name

To resolve this I needed to enable the Local Group Policy below with the default order (i.e. I just enabled the policy and didn't change the order) for SAS to work:

Local Computer Policy>Computer Configuration>Administrative Templates> Network> SSL Configuration Settings> SSL Configuration Settings

Hope this helps.

Jack

Re: howto detect which cipher ciphersuites workspace server uses on windows 2022

paterd2 — Tue, 28 Jan 2025 09:00:08 GMT

Jack, we look into this, I will update as soon as possible.

Re: howto detect which cipher ciphersuites workspace server uses on windows 2022

doug_sas — Tue, 28 Jan 2025 12:21:19 GMT

The default ciphersuites in 9.4M8 prefer TLS 1.3 and its ciphersuites, but may fall back to TLS 1.2 with some very strong ciphersuites.
It may be the ciphersuites, but it also may be a server certificate that is created with a unsupported hash since most ciphersuites offered require SHA256 or higher.

Re: howto detect which cipher ciphersuites workspace server uses on windows 2022

paterd2 — Fri, 31 Jan 2025 10:18:55 GMT

Jack , we now have a case with support. If there is a solution I will inform you.
Thank you .

Re: howto detect which cipher ciphersuites workspace server uses on windows 2022

paterd2 — Fri, 31 Jan 2025 10:21:35 GMT

Doug , we now have a case with support. If there is a solution I will inform you.
Thank you .

Just to inform you, this is the code we used :

proc http url="https://www.bing.com" method="GET"
proxyhost="http://<ourproxy"
proxyport=<ourproxyport>;
run;
If we went to google it works, but for certain sites we got a handshake error.