Skip to Content

SAP PI connecter SOAP receivers HTTPS cypher suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Hi The community,

we are in SAP PI 7.40 SP13, I have an issue of connection in an communication channel SOAP receiver HTTPS.

The mesage is "Failes to get the input stream from socket: iaik.security.ssl.SSL.Exception: Peer send alert: Alert Fatal: handshake failure.

The cypher suite of the exposed webservice is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

I think that this cypher suite is not allowed in library of PI.

Can somebody help me?

Kind regards

Eric Koralewski

Add a comment
10|10000 characters needed characters exceeded

Related questions

1 Answer

  • Posted on Dec 19, 2017 at 01:08 AM

    Hi Eric,

    You are right, ECDHE cipher suite is not supported by PI, hence the handshake error occurred. Since the cipher suite is not supported by PI, the target system should add more cipher suites in the supported list. The supported cipher suites by PI are listed in the following note:

    2284059- Update of SSL library within NW Java server Cipher suites supported in the default configuration:

    TLS_RSA_WITH_AES_256_GCM_SHA384 *

    TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 *

    TLS_RSA_WITH_AES_256_CBC_SHA256 *

    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 *

    TLS_RSA_WITH_AES_128_GCM_SHA256

    TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256

    TLS_RSA_WITH_AES_128_CBC_SHA256

    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256

    TLS_RSA_WITH_AES_256_CBC_SHA *

    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA *

    TLS_RSA_WITH_AES_128_CBC_SHA

    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

    SSL_RSA_WITH_3DES_EDE_CBC_SHA

    SSL_RSA_WITH_RC4_128_SHA

    If there are overlapped cipher suites between PI and the target server, the handshake will success. Also, you can modify the list of the supported cipher suites, please check the part 5.2 of the note in details.

    Best Regards,

    Liz

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.