on 06-28-2016 10:55 AM
Dear All,
We are getting a following error in SAP PO system when we send messages to SFDC.
We already enabled TLS 1.1 and TLS 1.2 in our system and we had tested and the response below,
SSLv3: record=(3,0), ClientHello=(3,0) no TLS extensions
<HostName>... sending ClientHello (len=58)
OK: ServerHello.server_version=(3,0) = (SSLv3)
ServerHello.cs={ 0x00,0x2f } TLS_RSA_WITH_AES128_CBC_SHA
TLSv1.0: record=(3,0), ClientHello=(3,1) no TLS extensions
<HostName>... sending ClientHello (len=58)
OK: ServerHello.server_version=(3,1) = (TLSv1.0)
ServerHello.cs={ 0x00,0x2f } TLS_RSA_WITH_AES128_CBC_SHA
TLSv1.1: record=(3,0), ClientHello=(3,2) no TLS extensions
<HostName>... sending ClientHello (len=58)
OK: ServerHello.server_version=(3,2) = (TLSv1.1)
ServerHello.cs={ 0x00,0x2f } TLS_RSA_WITH_AES128_CBC_SHA
TLSv1.2: record=(3,0), ClientHello=(3,3) no TLS extensions
<HostName>... sending ClientHello (len=58)
OK: ServerHello.server_version=(3,3) = (TLSv1.2)
ServerHello.cs={ 0x00,0x2f } TLS_RSA_WITH_AES128_CBC_SHA
Also messages are going twice and one is successful and another one is failed. But still the information is not updated in SFDC.
Also we could see the below message in SFDC side but we already enabled TLS1.1 and TLS 1.2 as I mentioned.
Could you please help with this?
Regards,
Jegan Raj
Hi,
Please check the below SAP note and
2284059 - Update of SSL library within NW Java server
regards,
Harish
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Follow this . You should implement notes to make your system support TLS 1.1/1.2
https://scn.sap.com/community/pi-and-soa-middleware/blog/2016/06/06/outbound-support-for-tls-1112
Thanks,
Apu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
If you are trying to connect to SalesForce then your PI acts as a client. If the AS Java acts as a client you need to implement SAP Note 2284059. Before this patch when the AS Java acted as client the communication was available only on TLS1.0. This patch enables your AS Java to use TLS1.0, TLS1.1 and TLS1.2
Regards,
Mate
PS: If you implement the patches only the AS Java will be able to use TLS1.1 and TLS1.2. The SCN blogs are about mainly overriding the default settings.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.