on 11-07-2016 4:48 PM
We have enabled TLS 1.2 by deploying the latest patches for PI components.

We followed the note 2284059 - Update of SSL library within NW Java server.

Set the min and max protocols to TLSv1.2.

However, when we try to make a call to one of our partners, they still see we are sending TLSv1 and not TLSv1.2.

Trying to understand where it would be in SAP PO that would still point to TLSv1.

From our partner tomcat logs:
```
[Raw read]: length = 5
0000: 16 03 01 00 3F                                     ....?
[Raw read]: length = 63
0000: 01 00 00 3B 03 01 58 10 BB FA 6D B4 C7 88 C7 E9  ...;..X...m.....
0010: 3F 49 62 E2 AE E4 E9 2E 1C E9 37 33 9A 78 8F 3F  ?Ib.......73.x.?
0020: E8 0D 73 14 F3 50 00 00 14 00 2F 00 33 00 32 00  ..s..P..../.3.2.
0030: 0A 00 16 00 13 00 09 00 15 00 12 00 FF 01 00     ...............
http-nio-8443-exec-5, READ: TLSv1 Handshake, length = 63
*** ClientHello, TLSv1
RandomCookie: GMT: 1477425914 bytes = { 109, 180, 199, 136, 199, 233, 63, 73, 98, 226, 174, 228, 233, 46, 28, 233, 55, 51, 154, 120, 143, 63, 232, 13, 115, 20, 243, 80 }
Session ID: {}
Cipher Suites: [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
[read] MD5 and SHA1 hashes: len = 63
0000: 01 00 00 3B 03 01 58 10 BB FA 6D B4 C7 88 C7 E9  ...;..X...m.....
0010: 3F 49 62 E2 AE E4 E9 2E 1C E9 37 33 9A 78 8F 3F  ?Ib.......73.x.?
0020: E8 0D 73 14 F3 50 00 00 14 00 2F 00 33 00 32 00  ..s..P..../.3.2.
0030: 0A 00 16 00 13 00 09 00 15 00 12 00 FF 01 00     ...............
http-nio-8443-exec-5, fatal error: 40: Client requested protocol TLSv1 not enabled or not supported
javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
http-nio-8443-exec-5, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
http-nio-8443-exec-5, WRITE: TLSv1.2 Alert, length = 2
http-nio-8443-exec-5, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
[Raw write]: length = 7
0000: 15 03 03 00 02 02 28                               ......(
http-nio-8443-exec-5, called closeOutbound()
http-nio-8443-exec-5, closeOutboundInternal()
```
When we send with SOAP request we see it is using TLS 1.2. However, when we use HTTP post and send the request, it is going to our vendor as TLSv1 instead of TLSv1.2.

We have already upgraded our PI to the latest SP and patches available on SAP. We also updated the parameter https.protocols on the config tool to mention TLSv1.2.

There should be some other setting that is preventing the HTTP post from working when communicating with our vendor using https.
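
The ClientHello bytes in the partner's log can be decoded independently of the Java debug text to confirm what the sender offered. This is an added example, not part of the original post; the function names are illustrative, and it assumes the TLS 1.2-and-earlier ClientHello layout, where `client_version` is the highest version the client is willing to use.

```python
import struct

# Bytes copied from the partner's Tomcat debug log above: the 5-byte record
# header followed by the 63-byte ClientHello handshake message.
RECORD_HEX = """
16 03 01 00 3F
01 00 00 3B 03 01 58 10 BB FA 6D B4 C7 88 C7 E9
3F 49 62 E2 AE E4 E9 2E 1C E9 37 33 9A 78 8F 3F
E8 0D 73 14 F3 50 00 00 14 00 2F 00 33 00 32 00
0A 00 16 00 13 00 09 00 15 00 12 00 FF 01 00
"""

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def parse_client_hello(data: bytes) -> dict:
    """Parse one TLS record holding a ClientHello (TLS 1.2 and earlier layout)."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", data[:5])
    body = data[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len or len(body) < 4:
        raise ValueError("not a complete handshake record")
    if body[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    client_ver = struct.unpack("!H", hello[:2])[0]
    pos = 2 + 32                       # skip client_version and 32-byte random
    pos += 1 + hello[pos]              # skip session_id
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hello[pos]              # skip compression methods
    return {
        "record_version": VERSIONS.get(rec_ver, hex(rec_ver)),
        "client_version": VERSIONS.get(client_ver, hex(client_ver)),  # max offered
        "cipher_suites": suites,
        "has_extensions": pos < len(hello),  # bytes left over => extensions block
    }

def logged_hello() -> dict:
    """Decode the record captured in the log above."""
    return parse_client_hello(bytes.fromhex("".join(RECORD_HEX.split())))

if __name__ == "__main__":
    print(logged_hello())
```

For the logged bytes, `client_version` decodes to `03 01` and no extensions follow, so the sending stack offered TLSv1 as its maximum for this connection and the server, restricted to TLSv1.2, had nothing to negotiate down to.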