Former Member

How to change security from SSL to TLS

Hi

We have an RFC to SOAP synchronous scenario.

Third party has changed security from SSL to TLS and is currently supporting only TLS 1.1 and above.

Certificates are correct and so is the firewall and traffic.

But we get a connection refused error, and in the XPI log I see the below steps:

XPI log

Begin IAIK Debug:
ssl_debug(3): Starting handshake (iSaSiLk 4.5)...
ssl_debug(3): Sending v3 client_hello message to XXXXX:8XX9, requesting version 3.1...
ssl_debug(3): IOException while handshaking: Connection closed by remote host.
ssl_debug(3): Sending alert: Alert Fatal: handshake failure
ssl_debug(3): Shutting down SSL layer...
ssl_debug(3): Closing transport...

The Basis team has maintained parameters in order to enable TLS communication:

ssl/ciphersuites = 135:HIGH:MEDIUM:+e3DES

ssl/client_ciphersuites = 144:HIGH:MEDIUM:+e3DES

Thanks
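
Added example, not part of the original post or of SAP's tooling: a small Python check that reads the ssl_debug trace quoted in the question and compares the version the client_hello requests with the peer's stated minimum (TLS 1.1). The wire numbering 3.1 = TLS 1.0, 3.2 = TLS 1.1, 3.3 = TLS 1.2 is standard; the function names and the `peer_minimum` parameter are this example's own.

```python
import re

# TLS wire version numbers as they appear in ssl_debug output.
WIRE_VERSIONS = {"3.0": "SSLv3", "3.1": "TLSv1.0", "3.2": "TLSv1.1", "3.3": "TLSv1.2"}

# Log lines copied from the question; host and port stay masked as posted.
SAMPLE_LOG = """\
ssl_debug(3): Starting handshake (iSaSiLk 4.5)...
ssl_debug(3): Sending v3 client_hello message to XXXXX:8XX9, requesting version 3.1...
ssl_debug(3): IOException while handshaking: Connection closed by remote host.
ssl_debug(3): Sending alert: Alert Fatal: handshake failure
ssl_debug(3): Shutting down SSL layer...
"""

HELLO = re.compile(r"Sending v3 client_hello message to (\S+), requesting version (\d\.\d)")
FAILED = re.compile(r"IOException while handshaking: (.+?)\.?$")


def parse_handshake(log):
    """Extract peer, requested version and failure reason from one handshake trace."""
    result = {"peer": None, "offered": None, "failure": None}
    for line in log.splitlines():
        m = HELLO.search(line)
        if m:
            result["peer"], result["offered"] = m.groups()
        m = FAILED.search(line)
        if m:
            result["failure"] = m.group(1)
    return result


def diagnose(log, peer_minimum="3.2"):
    """Compare the highest version the client offered with the peer's minimum."""
    hs = parse_handshake(log)
    if hs["offered"] is None:
        return "no client_hello found"
    offered = tuple(int(p) for p in hs["offered"].split("."))
    minimum = tuple(int(p) for p in peer_minimum.split("."))
    name = WIRE_VERSIONS.get(hs["offered"], hs["offered"])
    need = WIRE_VERSIONS.get(peer_minimum, peer_minimum)
    if offered < minimum:
        return f"client offers at most {name}, peer requires {need} or later"
    if hs["failure"]:
        return f"{name} offered and acceptable; failure is elsewhere: {hs['failure']}"
    return f"{name} offered and acceptable"


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the trace above it reports that the client offers at most TLSv1.0, which a peer accepting only TLS 1.1 and above will not negotiate.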


3 Answers

  • Dec 15, 2016 at 12:12 AM

  • Former Member
    Dec 15, 2016 at 07:32 AM

    Hi Harish

    Thanks, I am looking into this.

    Nice blog indeed.

    Thanks


  • Former Member
    Dec 16, 2016 at 03:31 AM

    Hi

    The below parameters were activated and we still see an issue (Error: unable to create socket). Handshake failure is no longer seen.

    Please suggest any other workaround apart from upgrading patch levels of Java software components.

    ABAP Profile Parameters:

    ssl/ciphersuites = 135:PFS:HIGH:MEDIUM:+e3DES

    ssl/client_ciphersuites = 150:PFS:HIGH:MEDIUM:+e3DES

    Java System Property:

    Parameter Name=iaik.security.ssl.configFile

    Value=file:/tmp/SSLContext.properties

    TLS configuration string generates empty cipher suite list

    Running in server mode

    Configured protocol versions:

    TLSv1.0, TLSv1.1, TLSv1.2

    Enabled cipher suites:

    TLS_RSA_WITH_AES128_GCM_SHA256

    TLS_RSA_WITH_AES256_GCM_SHA384

    TLS_RSA_WITH_AES128_CBC_SHA

    TLS_RSA_WITH_AES256_CBC_SHA

    TLS_RSA_WITH_3DES_EDE_CBC_SHA

    TLS_ECDHE_RSA_WITH_AES128_GCM_SHA256

    TLS_ECDHE_RSA_WITH_AES256_GCM_SHA384

    TLS_ECDHE_RSA_WITH_AES128_CBC_SHA

    TLS_ECDHE_RSA_WITH_AES256_CBC_SHA384

    TLS_ECDHE_RSA_WITH_AES256_CBC_SHA

    Enabled elliptic curves:

    EC_P384 [optimized: FALSE]

    EC_P521 [optimized: FALSE]

    EC_P256 [optimized: FALSE]

    Thanks
