Skip to Content
0

SAP PI connecter SOAP receivers HTTPS cypher suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Dec 18, 2017 at 11:23 AM

111

avatar image

Hi The community,

we are in SAP PI 7.40 SP13, I have an issue of connection in an communication channel SOAP receiver HTTPS.

The mesage is "Failes to get the input stream from socket: iaik.security.ssl.SSL.Exception: Peer send alert: Alert Fatal: handshake failure.

The cypher suite of the exposed webservice is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

I think that this cypher suite is not allowed in library of PI.

Can somebody help me?

Kind regards

Eric Koralewski

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Liz Jin
Dec 19, 2017 at 01:08 AM
0

Hi Eric,

You are right, ECDHE cipher suite is not supported by PI, hence the handshake error occurred. Since the cipher suite is not supported by PI, the target system should add more cipher suites in the supported list. The supported cipher suites by PI are listed in the following note:

2284059- Update of SSL library within NW Java server Cipher suites supported in the default configuration:

TLS_RSA_WITH_AES_256_GCM_SHA384 *

TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 *

TLS_RSA_WITH_AES_256_CBC_SHA256 *

TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 *

TLS_RSA_WITH_AES_128_GCM_SHA256

TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256

TLS_RSA_WITH_AES_128_CBC_SHA256

TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256

TLS_RSA_WITH_AES_256_CBC_SHA *

TLS_RSA_WITH_CAMELLIA_256_CBC_SHA *

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

SSL_RSA_WITH_3DES_EDE_CBC_SHA

SSL_RSA_WITH_RC4_128_SHA

If there are overlapped cipher suites between PI and the target server, the handshake will success. Also, you can modify the list of the supported cipher suites, please check the part 5.2 of the note in details.

Best Regards,

Liz

Share
10 |10000 characters needed characters left characters exceeded