0

How to change security from SSL to TLS

Dec 14, 2016 at 11:54 AM

Former Member

Hi

We have an RFC to SOAP synchronous scenario.

Third party has changed security from SSL to TLS and is currently supporting only TLS 1.1 and above.

Certificates are correct and so is the firewall and traffic.

But we get a connection refused error, and in the XPI log I see the below steps:

XPI log

Begin IAIK Debug:
ssl_debug(3): Starting handshake (iSaSiLk 4.5)...
ssl_debug(3): Sending v3 client_hello message to XXXXX:8XX9, requesting version 3.1...
ssl_debug(3): IOException while handshaking: Connection closed by remote host.
ssl_debug(3): Sending alert: Alert Fatal: handshake failure
ssl_debug(3): Shutting down SSL layer...
ssl_debug(3): Closing transport...

Basis team has maintained parameters in order to enable TLS communication:

ssl/ciphersuites = 135:HIGH:MEDIUM:+e3DES

ssl/client_ciphersuites = 144:HIGH:MEDIUM:+e3DES

Thanks
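
The trace in the question can be read mechanically: a client_hello version of 3.1 is the wire encoding of TLS 1.0. As an added example that is not part of the original post, this sketch parses such a trace and compares the requested version with a peer minimum; `analyze_trace`, `peer_minimum` and the one-event-per-line layout of the sample are assumptions.

```python
import re

# Wire version (major, minor) to protocol name, as defined by the SSL/TLS specifications.
WIRE_VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

HELLO_RE = re.compile(r"Sending v(\d) client_hello message to (\S+), requesting version (\d)\.(\d)")
FAIL_RE = re.compile(r"(IOException while handshaking: .+?)\s*$")

# Trace from the question, laid out one event per line (host and port masked as posted).
SAMPLE_TRACE = """\
ssl_debug(3): Starting handshake (iSaSiLk 4.5)...
ssl_debug(3): Sending v3 client_hello message to XXXXX:8XX9, requesting version 3.1...
ssl_debug(3): IOException while handshaking: Connection closed by remote host.
ssl_debug(3): Sending alert: Alert Fatal: handshake failure
ssl_debug(3): Shutting down SSL layer...
ssl_debug(3): Closing transport...
"""

def analyze_trace(trace, peer_minimum=(3, 2)):
    """Return the requested version, the first handshake error, and a verdict.

    peer_minimum is supplied by the caller (an assumption of this example);
    (3, 2) encodes the "TLS 1.1 and above" policy stated in the question.
    """
    result = {"peer": None, "requested": None, "error": None, "below_minimum": None}
    for line in trace.splitlines():
        hello = HELLO_RE.search(line)
        if hello:
            version = (int(hello.group(3)), int(hello.group(4)))
            result["peer"] = hello.group(2)
            result["requested"] = WIRE_VERSIONS.get(version, "unknown %d.%d" % version)
            result["below_minimum"] = version < peer_minimum
            continue
        fail = FAIL_RE.search(line)
        if fail and result["error"] is None:
            result["error"] = fail.group(1)
    return result

if __name__ == "__main__":
    print(analyze_trace(SAMPLE_TRACE))
```

A `below_minimum` of `True` together with a handshake error is consistent with the peer dropping a hello that offers a protocol version it no longer accepts.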


3 Answers

Harish Mistri Dec 15, 2016 at 12:12 AM
0
Former Member Dec 15, 2016 at 07:32 AM
0

Hi Harish

Thanks, I am looking into this.

Nice blog indeed.

Thanks

Former Member Dec 16, 2016 at 03:31 AM
0

Hi

The below parameters were activated and still we see some issue (Error: unable to create socket). Handshake failure is no longer seen.

Please suggest any other workaround apart from upgrading patch levels of Java software components.

ABAP Profile Parameters:

ssl/ciphersuites = 135:PFS:HIGH:MEDIUM:+e3DES

ssl/client_ciphersuites = 150:PFS:HIGH:MEDIUM:+e3DES

Java System Property:

Parameter Name=iaik.security.ssl.configFile

Value=file:/tmp/SSLContext.properties

TLS configuration string generates empty cipher suite list

Running in server mode

Configured protocol versions:
TLSv1.0, TLSv1.1, TLSv1.2

Enabled cipher suites:
TLS_RSA_WITH_AES128_GCM_SHA256
TLS_RSA_WITH_AES256_GCM_SHA384
TLS_RSA_WITH_AES128_CBC_SHA
TLS_RSA_WITH_AES256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES256_CBC_SHA

Enabled elliptic curves:
EC_P384 [optimized: FALSE]
EC_P521 [optimized: FALSE]
EC_P256 [optimized: FALSE]

Thanks
