Hello
I am using Order Management from a Gateway already connected to shopify.
So the flow or order management is that when a Store tries to capture or post a transaction, Shopify first connects to our Gateway and posts the transaction. As per shopify requirements, Gateway does not replies the result within that same message and only requires Gateways to send a 200 reply (or "ok"). Shopify requires Gateway to send a post transaction to a url that we get on the previous request (usually ****.myshopify.com).
So issue we are having is that we get a "The request was aborted: Could not create SSL/TLS secure channel." message. On the server that is creating the request we can navigate perfectly to the store, so we are sure we have the correct ciphers as client, correct protocols as client (tls 1.2)
Is it possible to review this from shopify's side for our requests?
I see that ciphers published by myshopify.com are the following, but we do support them and being able to use from browser shows me that.
| Cipher Suites |
# TLS 1.3 (server has no preference) |
| TLS_AES_128_GCM_SHA256 (0x1301) ECDH x25519 (eq. 3072 bits RSA) FS | 128 |
| TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (eq. 3072 bits RSA) FS | 256 |
| TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 3072 bits RSA) FS | 256 |
# TLS 1.2 (suites in server-preferred order) |
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) ECDH x25519 (eq. 3072 bits RSA) FS | 128 |
| OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc14) ECDH x25519 (eq. 3072 bits RSA) FS | 256P |
| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) ECDH x25519 (eq. 3072 bits RSA) FS | 256P |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 128 |
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) ECDH x25519 (eq. 3072 bits RSA) FS | 256 |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 256 |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS | 128 |
| OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc13) ECDH x25519 (eq. 3072 bits RSA) FS | 256P |
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH x25519 (eq. 3072 bits RSA) FS | 256P |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 128 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 128 |
| TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK | 128 |
| TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK | 128 |
| TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK | 128 |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS | 256 |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 256 |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 256 |
| TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK | 256 |
| TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK | 256 |
| TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK | 256 |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK | 128 |
| (P) This server prefers ChaCha20 suites with clients that don't have AES-NI (e.g., Android devices) |
