Skip to Content

SAP PI connecter SOAP receivers HTTPS cypher suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Hi The community,

we are in SAP PI 7.40 SP13, I have an issue of connection in an communication channel SOAP receiver HTTPS.

The mesage is "Failes to get the input stream from socket: iaik.security.ssl.SSL.Exception: Peer send alert: Alert Fatal: handshake failure.

The cypher suite of the exposed webservice is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

I think that this cypher suite is not allowed in library of PI.

Can somebody help me?

Kind regards

Eric Koralewski

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Dec 19, 2017 at 01:08 AM

    Hi Eric,

    You are right, ECDHE cipher suite is not supported by PI, hence the handshake error occurred. Since the cipher suite is not supported by PI, the target system should add more cipher suites in the supported list. The supported cipher suites by PI are listed in the following note:

    2284059- Update of SSL library within NW Java server Cipher suites supported in the default configuration:

    TLS_RSA_WITH_AES_256_GCM_SHA384 *

    TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 *

    TLS_RSA_WITH_AES_256_CBC_SHA256 *

    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 *

    TLS_RSA_WITH_AES_128_GCM_SHA256

    TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256

    TLS_RSA_WITH_AES_128_CBC_SHA256

    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256

    TLS_RSA_WITH_AES_256_CBC_SHA *

    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA *

    TLS_RSA_WITH_AES_128_CBC_SHA

    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

    SSL_RSA_WITH_3DES_EDE_CBC_SHA

    SSL_RSA_WITH_RC4_128_SHA

    If there are overlapped cipher suites between PI and the target server, the handshake will success. Also, you can modify the list of the supported cipher suites, please check the part 5.2 of the note in details.

    Best Regards,

    Liz

    Add comment
    10|10000 characters needed characters exceeded