Supported cipher suites in outgoing calls

This article lists the cipher suites that are supported on external APIs that are called from Business Central online.

Overview

For Business Central to connect to an external API, the API's web site must use an HTTPS certificate. In Business Central, the certificate must be added to HttpClient instance that will send HTTP requests to and receive HTTP responses from external API. The certificate must use one of supported cipher suites; otherwise, the outgoing web service call will fail with security exception.

A cipher suite is used to help secure web service calls made from the Business Central app to an external URL. A cipher suite is a set of algorithms, which typically include: key exchange, authentication, encryption, and message authentication code (MAC).

Supported cipher suites in HTTPS certificate

Suite Protocol Key exchange algorithm Authentication algorithm Encryption algorithm (cipher_keysize_type) MAC algorithm (Hash)
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS ECDHE ECDSA AES_256_GCM SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS ECDHE ECDSA AES_128_GCM SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS ECDHE RSA AES_256_GCM SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS ECDHE RSA AES_128_GCM SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS ECDHE ECDSA AES_256_CBC SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS ECDHE ECDSA AES_128_CBC SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS ECDHE RSA AES_256_CBC SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS ECDHE RSA AES_128_CBC SHA256

Call external services with the HttpClient data type
HttpClient Data Type
Programming in AL
Directives in AL
AL Essential Methods