Yeah, pretty sure. FME (on windows) uses OpenSSL. In FME 2023.1 I can see the version of OpenSSL is 3.0.10. OpenSSL was introduced to OpenSSL back in version 1.1 or something.
You can turn on debug logging in FME and send an HTTP request to server an see which protocol gets used in the log message.
I just pinged an FME Cloud instance running FME Server 2022 from FME Desktop 2023.1. This was in my log file:
There are, however, a number of way which FME makes calls to the web. For example there are a number of Python based formats and tools (e.g., S3Connector). It could be that some of there for some reason do not support TLS 1.3, however, I would be very surprised.
When I have debug logging on I don’t see anything about TLS. I get:
This is a successfull call.
However, we have been provided another server that is causing an issue, and they have just informed us that TLS 1.2 is not supported on this. This is the log when I call that:
I presume FME is reliant on Operating System settings for this kind of thing and I have to get our IT on to it.
TLS 1.3 is not supported on any version of Windows 10.
Pretty sure this is my problem, and don’t like my chances of getting IT to sort this out until 11 is installed.
Oh good find. Strange that it not supported on Windows 10. Certainly a good reason to upgrade to Windows 11. Is the service you want to connect to required 1.3? I wonder if they know that this means no system running Windows 10 can use it.
It only seems to affect the API endpoint where we are trying to POST data to. Browsing to the home page is fine with a Windows 10 machine. Interestingly in the browser (Chrome & Edge), the API endpoint is deemed not secure before authenticating. Once authenticated it is deemed as secure.
I presume the problem we have with the FME HTTPCaller is that it has to connect securely before authenticating.
A colleague has sketched up a workaround using a PythonCaller to make the HTTP request, and this seems to be able to connect successfully, particularly if we provide the certificate as one of the parameters.
Interesting - have you played around with the Advanced Security settings in the HTTPCaller
There are a couple of options there. One about weather or not to verify the certificate and another to lower the minimum encryption strength. Perhaps the service is using a weak encryption method that you OS doesn’t like.
We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.