cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HTTP Post Using TLS 1.2?

former_member287746
Discoverer

on ‎11-07-2016 4:48 PM

0 Kudos

We have enabled TLS 1.2 by deploying the latest patches for PI components.

We followed the note 2284059 - Update of SSL library within NW Java server
Set the min and max protocols to TLSv1.2
However when we try to make a call to one of our partners they still see we are sending TLSv1 and not TLSv1.2
Trying to understand where would it be in SAP PO that would still point TLSv1
From our partner tomcat logs
[Raw read]: length = 50000: 16 03 01 00 3F ....?[Raw read]: length = 630000: 01 00 00 3B 03 01 58 10 BB FA 6D B4 C7 88 C7 E9 ...;..X...m.....0010: 3F 49 62 E2 AE E4 E9 2E 1C E9 37 33 9A 78 8F 3F ?Ib.......73.x.?0020: E8 0D 73 14 F3 50 00 00 14 00 2F 00 33 00 32 00 ..s..P..../.3.2.0030: 0A 00 16 00 13 00 09 00 15 00 12 00 FF 01 00 ...............http-nio-8443-exec-5, READ: TLSv1 Handshake, length = 63*** ClientHello, TLSv1RandomCookie: GMT: 1477425914 bytes = { 109, 180, 199, 136, 199, 233, 63, 73, 98, 226, 174, 228, 233, 46, 28, 233, 55, 51, 154, 120, 143, 63, 232, 13, 115, 20, 243, 80 }Session ID: {}Cipher Suites: [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]Compression Methods: { 0 }***[read] MD5 and SHA1 hashes: len = 630000: 01 00 00 3B 03 01 58 10 BB FA 6D B4 C7 88 C7 E9 ...;..X...m.....0010: 3F 49 62 E2 AE E4 E9 2E 1C E9 37 33 9A 78 8F 3F ?Ib.......73.x.?0020: E8 0D 73 14 F3 50 00 00 14 00 2F 00 33 00 32 00 ..s..P..../.3.2.0030: 0A 00 16 00 13 00 09 00 15 00 12 00 FF 01 00 ...............http-nio-8443-exec-5, fatal error: 40: Client requested protocol TLSv1 not enabled or not supportedjavax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supportedhttp-nio-8443-exec-5, SEND TLSv1.2 ALERT: fatal, description = handshake_failurehttp-nio-8443-exec-5, WRITE: TLSv1.2 Alert, length = 2http-nio-8443-exec-5, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported[Raw write]: length = 70000: 15 03 03 00 02 02 28 ......(http-nio-8443-exec-5, called closeOutbound()http-nio-8443-exec-5, closeOutboundInternal()
When we send with SOAP request we see it is using TLS 1.2. However when we use HTTP post and send the request it is going to our vendor as TLSv1 instead of TLSv1.2
We have already upgraded our PI to the lastest SP and patches available on sap. We also updated the parameter https.protocols on the config tool to mention TLSv1.2
There should be some other setting that is preventing the HTTP post to not work when using communicating to our vendor using https.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (0)

Ask a Question