Skip to Content

Issue in Message Sending - SAP PO TLS 1.0, TLS 1.1

Dear All,

We are getting a following error in SAP PO system when we send messages to SFDC.

We already enabled TLS 1.1 and TLS 1.2 in our system and we had tested and the response below,

SSLv3: record=(3,0), ClientHello=(3,0) no TLS extensions

<HostName>... sending ClientHello (len=58)

OK: ServerHello.server_version=(3,0) = (SSLv3)

ServerHello.cs={ 0x00,0x2f } TLS_RSA_WITH_AES128_CBC_SHA

TLSv1.0: record=(3,0), ClientHello=(3,1) no TLS extensions

<HostName>... sending ClientHello (len=58)

OK: ServerHello.server_version=(3,1) = (TLSv1.0)

ServerHello.cs={ 0x00,0x2f } TLS_RSA_WITH_AES128_CBC_SHA

TLSv1.1: record=(3,0), ClientHello=(3,2) no TLS extensions

<HostName>... sending ClientHello (len=58)

OK: ServerHello.server_version=(3,2) = (TLSv1.1)

ServerHello.cs={ 0x00,0x2f } TLS_RSA_WITH_AES128_CBC_SHA

TLSv1.2: record=(3,0), ClientHello=(3,3) no TLS extensions

<HostName>... sending ClientHello (len=58)

OK: ServerHello.server_version=(3,3) = (TLSv1.2)

ServerHello.cs={ 0x00,0x2f } TLS_RSA_WITH_AES128_CBC_SHA

Also messages are going twice and one is successful and another one is failed. But still the information is not updated in SFDC.

Also we could see the below message in SFDC side but we already enabled TLS1.1 and TLS 1.2 as I mentioned.

Could you please help with this?

Regards,

Jegan Raj

pastedImage_0.png (20.7 kB)
pastedImage_1.png (18.5 kB)
Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Best Answer
    Posted on Jun 28, 2016 at 11:55 PM
    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Jul 28, 2016 at 09:27 AM

    Hi,

    If you are trying to connect to SalesForce then your PI acts as a client. If the AS Java acts as a client you need to implement SAP Note 2284059. Before this patch when the AS Java acted as client the communication was available only on TLS1.0. This patch enables your AS Java to use TLS1.0, TLS1.1 and TLS1.2

    Regards,
    Mate

    PS: If you implement the patches only the AS Java will be able to use TLS1.1 and TLS1.2. The SCN blogs are about mainly overriding the default settings.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Jul 28, 2016 at 09:57 AM

    Follow this . You should implement notes to make your system support TLS 1.1/1.2

    https://scn.sap.com/community/pi-and-soa-middleware/blog/2016/06/06/outbound-support-for-tls-1112

    Thanks,

    Apu

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.