cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

sap pi 7.4 http_aae tls 1.2 sap jvm

Go to solution
former_member342596
Explorer

on ‎10-13-2017 7:00 AM

0 Kudos

Hi

I'm using a http_aae receiver adaptor on sap pi 7.4 latest patch to connect to a https site which support now only tls 1.2

I implemented the note 2284059, i read all the blogs related to this problem, in xpi_inspector the connection is fine but when i test in the pi scenario the adapter is failing with

javax.net.ssl.SSLHandshakeException: Server chose unsupported or disabled protocol: Unknown-3.3.
So somehow it seems that tls1.2 it's completely disabled on the server when using it from adapter even if in xpi_inspector is working fine.

regards,

Florin

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

mate_moricz
Advisor
Advisor
‎10-13-2017 8:28 AM

Dear Florin,

The HTTP_AAE adapter doesn't use the IAIK library so even if Note 2284059 is in your system, it's not taken into consideration. The HTTP_AAE adapter uses the JVM's SSL implementation. Please check SAP Note 2393811 - TLS/SSL setting in HTTP_AAE Adapter for receiver channel. This Note describes in detail what JVM version can be used for TLSv1.2 in the HTTP_AAE adapter.


Best regards,
Mate

Show replies
Show replies

Answers (1)

Answers (1)

former_member342596
Explorer
‎10-13-2017 9:05 AM
0 Kudos

Hi

I forgot to say that i already configured at the channel level to try to use TLSv1.1(https.protocols=TLSv1.1), and i get the same error .

javax.net.ssl.SSLHandshakeException: Server chose unsupported or disabled protocol: Unknown-3.3 (TLS 1.2).

Then the problem can be that 1.1 is valid starting with oracle update 111 and i'm on sap jvm 6.1.072( oracle update85).

I will try to update the sap jvm but from what you say 1.2 will never be supported in AAE on PI7.4 since this one is working only on jvm 6.1

Best Regards,

Florin Stoian

Show replies
Show replies
mate_moricz
Advisor
Advisor
‎10-13-2017 10:36 AM

Hi Florin,

If SAP Note 2393811 - TLS/SSL setting in HTTP_AAE Adapter for receiver channel is not available in your system with the JVM described then the parameter https.protocols will be never be interpreted.

You understood it correctly, with JVM6.1 you won't be able to use TLSv1.2. I can suggest one workaround. The SOAP adapter uses the IAIK library. If the receiver application is able to handle calls from the SOAP adapter, then you can connect via TLSv1.2 (of course this is a far-fetched assumption from me, but in some cases HTTP_AAE can be replaced by SOAP adapter).

Best regards,
Mate

Ask a Question