SAP Knowledge Base Article - Preview

2417205 - Enabling TLS 1.1 and 1.2 on SAP NetWeaver AS Java for outgoing connections


  • You need to enable TLS 1.1 and 1.2 in your SAP NetWeaver Application Server Java for outgoing connections (i.e. NW Java as a client).
  • You may have read the SAP Notes 2284059 or 2503155, but you are not sure if your AS Java is already compliant with TLS 1.1 or 1.2.

Important: This article is applicable to communication scenarios that use the IAIK SSL library (mentioned in the SAP Notes above). If an application uses the underlying SAP JVM/JDK for TLS communication, it is needed to run SAP JVM 6.1.093 or higher patch (for NW 7.20, 7.3x, 7.40), or SAP JVM 8 (NW 7.5). In order to determine whether the application uses IAIK or the JVM, the traces of a TLS connection/error can be analyzed to check if they include iaik* packages or* packages. SAP JVM 4 (NW 7.0x) and 5 (NW 7.1x) do not support TLS 1.1/1.2.



SAP NetWeaver Application Server Java


SAP NetWeaver Application Server for Java all versions


TLS1.0 TLS1.1 TLS1.2 SSL handshake failure IOException SSLHandshakeException Connection closed by remote host, TLS outgoing connections , KBA , BC-JAS-SEC-CPG , Cryptography , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.