Supported cipher suites in outgoing calls
This article lists the cipher suites that are supported on external APIs that are called from Business Central online.
Overview
For Business Central to connect to an external API, the API's web site must use an HTTPS certificate. In Business Central, the certificate must be added to HttpClient instance that will send HTTP requests to and receive HTTP responses from external API. The certificate must use one of supported cipher suites; otherwise, the outgoing web service call will fail with security exception.
A cipher suite is used to help secure web service calls made from the Business Central app to an external URL. A cipher suite is a set of algorithms, which typically include: key exchange, authentication, encryption, and message authentication code (MAC).
Supported cipher suites in HTTPS certificate
| Suite | Protocol | Key exchange algorithm | Authentication algorithm | Encryption algorithm (cipher_keysize_type) | MAC algorithm (Hash) |
|---|---|---|---|---|---|
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | TLS | ECDHE | ECDSA | AES_256_GCM | SHA384 |
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | TLS | ECDHE | ECDSA | AES_128_GCM | SHA256 |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | TLS | ECDHE | RSA | AES_256_GCM | SHA384 |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | TLS | ECDHE | RSA | AES_128_GCM | SHA256 |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | TLS | ECDHE | ECDSA | AES_256_CBC | SHA384 |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | TLS | ECDHE | ECDSA | AES_128_CBC | SHA256 |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | TLS | ECDHE | RSA | AES_256_CBC | SHA384 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | TLS | ECDHE | RSA | AES_128_CBC | SHA256 |
See Also
Call external services with the HttpClient data type
HttpClient Data Type
Programming in AL
Directives in AL
AL Essential Methods