SAP Knowledge Base Article - Preview

2434357 - How to enable TLSv1.2 in the Diagnostics Agents in SAP Solution Manager

Symptom

It is required to enable TLSv1.2 to the communication between the Diagnostics Agents and the Managed Systems.

OR

After disable the TLSv1 in the systems managed/monitored by the SAP Solution Manager, the secured connections to the managed system fail with error:

  • Peer sent alert: Alert Fatal: handshake failure

The issue can also occurs in the SLD registration of the Diagnostics Agents if the TLSv1 is disabled in the SLD server.

As example, the SMDAgent logs will show the following SLD registration issue:

[SLDQueryBuilder] SLD check connection failed [EXCEPTION]
com.sap.sld.api.wbem.exception.CIMCommunicationException: CIM_ERR_FAILED: IO error: Unable to open SSL connection to host "sldhostname.sap.com:443". Peer sent alert: Alert Fatal: handshake failure.
Caused by: java.io.IOException: Unable to open SSL connection to host "sldhostname.sap.com:443"". Peer sent alert: Alert Fatal: handshake failure.

The managed system or SLD ICM logs in trace level 2 will show the following details for the connection issue:

SSL CTX supports versions: TLSv1.2). ClientHello.client_version TLSv1.0 {0x03,0x01}


Read more...

Environment

  • SAP Solution Manager 7.10
  • SAP Solution Manager Diagnostics
  • SAP Solution Manager 7.20

Product

SAP Solution Manager 7.1 ; SAP Solution Manager 7.2

Keywords

tlsv1.2. tls, ssl, ssl/tls, ssl_read, clienthello, secu-sll, sslerr_unsupp_protocol_version, ssl_error_ssl , KBA , SV-SMG-DIA-SRV-AGT , Agent Framework , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.