on 01-20-2016 10:05 AM
Hello everyone,
We want to disable SSL protocol and enable TLS protocol on our PO 7.4 single stack Java only.
We have followed the below notes and it has not helped us in anyway,
Also we set up the profile parameters , but still we are getting Handshake failure error, the same working fine with SOAPUI.
ssl/ciphersuites = 135:HIGH:MEDIUM:+e3DES
ssl/client_ciphersuites = 208:HIGH:MEDIUM:+e3DES
Any help appreciated.
Take a look at note: 2284059
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Rajiv,
Please check out this note:
510007 - Setting up SSL on Application Server ABAP
Point #6
Do you use the SAPCRYPTOLIB mentioned in the note?
Best Regards,
Peter
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Rajiv,
It is also important to mention that it is important to know that in your scenario AS Java 7.4 plays a server or a client role.
In case the AS Java 7.4 (which uses ICM) is the server, the SAP Cryptolib is used and the note above should be followed. The configuration is done by changing the ICM parameters.
When the AS Java 7.4 is a client in this scenario the SAP Java Cryptographic Toolkit is used, which at this moment does not support TLS1.2. Only TLS1.0 is supported now and the TLS1.2 support development is in progress.
Best Regards,
Peter
Hello Rajiv,
Please check out this note: 1461912 - SSL Administration in a Dual-Stack Installation. And the links inside the note. These are the steps that should be followed.
Best Regards,
Peter
Hi Peter
We use SAP PI 7.30 SP05 (old). But we use CommonCryptoLib 8.4.41 pl40. We have kernel 721_EXT_REL patch number 600. We call a web SOAP (receiver) service API of PayPal which requires TLSv1.2 to my understanding. So we are the client and we are on the java stack. You wrote on 26/01/2016 that TLSv1.2 is not supported but development is in progress. My question: what is your source of this information? Is there any outlook when it becomes available? Is your remark only for AS Java 7.4 (NW) or also for NW 7.3?
Best regards;
Wilbert
Hello Wilbert,
When I wrote my post I consulted with the developer colleagues.
At this moment I cannot provide any ETA of this feature's availability.
In client scenarios, above 7.1 (so 7.3 and 7.4 is equivalent here from this point of view) the SAP Java Cryptograpic Toolkit is used, which currently does not have TLS1.2 support.
Best Regards,
Peter
Peter
Thank you for the reply. Currently 3 companies have issues with this. I will contact SAP support directly for this.
See: http://scn.sap.com/thread/3855131 for issue in various versions of SAP PI.
Best regards;
Wilbert
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.