cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Issue in Message Sending - SAP PO TLS 1.0, TLS 1.1

Go to solution
former_member185488
Participant

on ‎06-28-2016 10:55 AM

0 Kudos

Dear All,

We are getting a following error in SAP PO system when we send messages to SFDC.

We already enabled TLS 1.1 and TLS 1.2 in our system and we had tested and the response below,

SSLv3: record=(3,0), ClientHello=(3,0) no TLS extensions

       <HostName>... sending ClientHello (len=58)

   OK: ServerHello.server_version=(3,0) = (SSLv3)

        ServerHello.cs={ 0x00,0x2f }  TLS_RSA_WITH_AES128_CBC_SHA

TLSv1.0: record=(3,0), ClientHello=(3,1) no TLS extensions

       <HostName>... sending ClientHello (len=58)

   OK: ServerHello.server_version=(3,1) = (TLSv1.0)

        ServerHello.cs={ 0x00,0x2f }  TLS_RSA_WITH_AES128_CBC_SHA

TLSv1.1: record=(3,0), ClientHello=(3,2) no TLS extensions

       <HostName>... sending ClientHello (len=58)

   OK: ServerHello.server_version=(3,2) = (TLSv1.1)

        ServerHello.cs={ 0x00,0x2f }  TLS_RSA_WITH_AES128_CBC_SHA

TLSv1.2: record=(3,0), ClientHello=(3,3) no TLS extensions

      <HostName>... sending ClientHello (len=58)

   OK: ServerHello.server_version=(3,3) = (TLSv1.2)

        ServerHello.cs={ 0x00,0x2f }  TLS_RSA_WITH_AES128_CBC_SHA

Also messages are going twice and one is successful and another one is failed. But still the information is not updated in SFDC.

Also we could see the below message in SFDC side but we already enabled TLS1.1 and TLS 1.2 as I mentioned.

Could you please help with this?

Regards,

Jegan Raj

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Harish
Active Contributor
‎06-29-2016 12:55 AM
0 Kudos

Hi,

Please check the below SAP note and

2284059 - Update of SSL library within NW Java server


2110020 - Enabling TLS or disabling SSLv3 protocol versions on SAP WebDispatcher, or SAP WebAS (AS A...


also blog -


regards,

Harish

Show replies
Show replies

Answers (2)

Answers (2)

apu_das2
Active Contributor
‎07-28-2016 10:57 AM
0 Kudos

Follow this . You should implement notes to make your system support TLS 1.1/1.2

https://scn.sap.com/community/pi-and-soa-middleware/blog/2016/06/06/outbound-support-for-tls-1112

Thanks,

Apu

Show replies
Show replies
mate_moricz
Advisor
Advisor
‎07-28-2016 10:27 AM
0 Kudos

Hi,

If you are trying to connect to SalesForce then your PI acts as a client. If the AS Java acts as a client you need to implement SAP Note 2284059. Before this patch when the AS Java acted as client the communication was available only on TLS1.0. This patch enables your AS Java to use TLS1.0, TLS1.1 and TLS1.2

Regards,
Mate

PS: If you implement the patches only the AS Java will be able to use TLS1.1 and TLS1.2. The SCN blogs are about mainly overriding the default settings.

Show replies
Show replies
Ask a Question