
HTTP Post Using TLS 1.2?

Nov 07, 2016 at 04:48 PM


We have enabled TLS 1.2 by deploying the latest patches for PI components.

We followed the note 2284059 - Update of SSL library within NW Java server.
Set the min and max protocols to TLSv1.2.
However, when we try to make a call to one of our partners, they still see we are sending TLSv1 and not TLSv1.2.
Trying to understand where in SAP PO it would still point to TLSv1.
From our partner's Tomcat logs:
[Raw read]: length = 5
0000: 16 03 01 00 3F ....?
[Raw read]: length = 63
0000: 01 00 00 3B 03 01 58 10 BB FA 6D B4 C7 88 C7 E9 ...;..X...m.....
0010: 3F 49 62 E2 AE E4 E9 2E 1C E9 37 33 9A 78 8F 3F ?Ib.......73.x.?
0020: E8 0D 73 14 F3 50 00 00 14 00 2F 00 33 00 32 00 ..s..P..../.3.2.
0030: 0A 00 16 00 13 00 09 00 15 00 12 00 FF 01 00 ...............
http-nio-8443-exec-5, READ: TLSv1 Handshake, length = 63
*** ClientHello, TLSv1
RandomCookie: GMT: 1477425914 bytes = { 109, 180, 199, 136, 199, 233, 63, 73, 98, 226, 174, 228, 233, 46, 28, 233, 55, 51, 154, 120, 143, 63, 232, 13, 115, 20, 243, 80 }
Session ID: {}
Cipher Suites: [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
[read] MD5 and SHA1 hashes: len = 63
0000: 01 00 00 3B 03 01 58 10 BB FA 6D B4 C7 88 C7 E9 ...;..X...m.....
0010: 3F 49 62 E2 AE E4 E9 2E 1C E9 37 33 9A 78 8F 3F ?Ib.......73.x.?
0020: E8 0D 73 14 F3 50 00 00 14 00 2F 00 33 00 32 00 ..s..P..../.3.2.
0030: 0A 00 16 00 13 00 09 00 15 00 12 00 FF 01 00 ...............
http-nio-8443-exec-5, fatal error: 40: Client requested protocol TLSv1 not enabled or not supported
javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
http-nio-8443-exec-5, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
http-nio-8443-exec-5, WRITE: TLSv1.2 Alert, length = 2
http-nio-8443-exec-5, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
[Raw write]: length = 7
0000: 15 03 03 00 02 02 28 ......(
http-nio-8443-exec-5, called closeOutbound()
http-nio-8443-exec-5, closeOutboundInternal()
When we send with a SOAP request, we see it is using TLS 1.2. However, when we use HTTP post and send the request, it is going to our vendor as TLSv1 instead of TLSv1.2.
We have already upgraded our PI to the latest SP and patches available on SAP. We also updated the parameter https.protocols in the config tool to mention TLSv1.2.
There should be some other setting that is preventing the HTTP post from working when communicating with our vendor using HTTPS.


0 Answers
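
Added example, not part of the original post: a small Python parser run over the record header and ClientHello bytes quoted in the Tomcat log above. It separates the record-layer version from the ClientHello client_version field, which in TLS 1.2 and earlier carries the highest version the client offers; the function and constant names are this example's own.

```python
# Added example: decode the ClientHello bytes quoted in the Tomcat log above.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

# Hex copied from the "[Raw read]" dumps in the post:
# a 5-byte record header, then the 63-byte handshake message.
RECORD_HEADER = bytes.fromhex("16 03 01 00 3F")
CLIENT_HELLO = bytes.fromhex(
    "01 00 00 3B 03 01 58 10 BB FA 6D B4 C7 88 C7 E9 "
    "3F 49 62 E2 AE E4 E9 2E 1C E9 37 33 9A 78 8F 3F "
    "E8 0D 73 14 F3 50 00 00 14 00 2F 00 33 00 32 00 "
    "0A 00 16 00 13 00 09 00 15 00 12 00 FF 01 00"
)

def u16(buf, pos):
    """Read a big-endian 16-bit integer at pos."""
    return int.from_bytes(buf[pos:pos + 2], "big")

def parse_record_header(hdr):
    """Return (content_type, record_version, payload_length)."""
    if len(hdr) < 5:
        raise ValueError("record header needs 5 bytes")
    return hdr[0], u16(hdr, 1), u16(hdr, 3)

def parse_client_hello(msg):
    """Parse a ClientHello handshake message (TLS 1.2 and earlier layout)."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a ClientHello")
    if int.from_bytes(msg[1:4], "big") != len(msg) - 4:
        raise ValueError("length field does not match message size")
    body = msg[4:]
    try:
        pos = 2 + 32                   # client_version, then 32-byte random
        pos += 1 + body[pos]           # session_id (length-prefixed)
        suites_len = u16(body, pos)
        pos += 2
        suites = [u16(body, i) for i in range(pos, pos + suites_len, 2)]
        pos += suites_len
        pos += 1 + body[pos]           # compression_methods (length-prefixed)
    except IndexError:
        raise ValueError("ClientHello body is truncated")
    return {"client_version": u16(body, 0), "cipher_suites": suites,
            "has_extensions": pos < len(body)}

if __name__ == "__main__":
    _, rec_ver, rec_len = parse_record_header(RECORD_HEADER)
    hello = parse_client_hello(CLIENT_HELLO)
    # The record version may stay at 0x0301 for compatibility even when a
    # client offers TLS 1.2; client_version is the field the server acts on.
    print("record version :", VERSIONS.get(rec_ver, hex(rec_ver)), "len", rec_len)
    print("client_version :", VERSIONS.get(hello["client_version"], "unknown"))
    print("cipher suites  :", [f"0x{s:04X}" for s in hello["cipher_suites"]])
    print("extensions     :", hello["has_extensions"])
```

For a sender actually offering TLS 1.2, the same parser would report client_version 0x0303, so it can be rerun on a fresh capture after each configuration change.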