2456800 - How to change the supported SSL/TLS version in PI/PO system | SAP Knowledge Base Article

SAP Knowledge Base Articles - preview

2456800 - How to change the supported SSL/TLS version in PI/PO system


You want to use new TLS version for the outbound connection(PI is SSL Client), so you have applied the following to enable new TLS version:
Note 2284059 – Update of SSL library within NW Java server, which introduces new TLS versions for outbound communication using the IAIK library.

Now, you want to change the default security settings e.g. sending only TLS 1.2 request, restrict the supported cipher suites and etc. 
If the TLS version mismatch, the handshake failure will occur.



  • SAP Netweaver Process Integration 7.1x and higher


SAP NetWeaver 7.1 ; SAP NetWeaver 7.2 ; SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 1 for SAP NetWeaver 7.3


SSL Version, SSL 3.1, SSL 3.2, SSL 3.3, TLS 1.0, TLS 1.1, TLS 1.2, ssl_debug, client.minProtocolVersion, client.maxProtocolVersion, iaik.security.ssl.configFile,
SSLContext.properties, cipher suites, handshake failure, Connection closed by remote host. , KBA , BC-XI-CON-AFW-SEC , Adapter Framework Security , BC-JAS-SEC-CPG , Cryptography , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.