2456800 - How to change the supported SSL/TLS version in PI/PO system

Symptom

You want to use new TLS version for the outbound connection (PI is the SSL client), so you have applied the following to enable new TLS version:
Note 2284059 Update of SSL library within NW Java server, which introduces new TLS versions for outbound communication using the IAIK library.

Now, you want to change the default security settings e.g. sending only TLS 1.2 request, restrict the supported cipher suites and etc.
If the TLS version mismatch, the handshake failure will occur.

Environment

SAP Netweaver Process Integration 7.1x and higher

Product

SAP NetWeaver 7.1 ; SAP NetWeaver 7.2 ; SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 1 for SAP NetWeaver 7.3

Keywords

SSL Version, SSL 3.1, SSL 3.2, SSL 3.3, TLS 1.0, TLS 1.1, TLS 1.2, ssl_debug, client.minProtocolVersion, client.maxProtocolVersion, iaik.security.ssl.configFile,
SSLContext.properties, cipher suites, handshake failure, Connection closed by remote host. , KBA , BC-XI-CON-AFW-SEC , Security , BC-JAS-SEC-CPG , Cryptography , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.