SAP PI 7.5 Using RSA and ECDSA Ciphers

Antonio_C10IT · ‎2021 May 11

Hi gurus,

We had to enable a ECDSA cipher because of the implementation of a new REST service that only accepts this ciphers:

Adding one of the TLS 1.2 cipher (ECDSA) we make it work, but then the comunication with IMAPS of Gmail account start failing because it try to use the ECDSA cipher we add and Gmail only allow RSA.

I do not understand why SAP PI decide to use the ECDSA cipher and do not negotiate with Gmail to use another supported cipher (ie TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256).

Also I try to force the Gmail connection using TLS1.1 but is still taking the ECDSA cipher.

Do you know how I can solve this problem?

I want to avoid to implement a reverse proxy implementation.

SSLContext.properties (with the latest changes)

Thank you in advance

Best regards.

Antonio_C10IT · ‎2021 May 11

SOLVED:

The solution it was using different TLS for each service (the REST and Gmail) and specify a Cipher that is only supported for the TLS 1.2 for the REST service.

SAP PI 7.5 Using RSA and ECDSA Ciphers

Accepted Solutions (0)

Answers (1)

Answers (1)

Re: Web Client Error

Urgent Issue : Transport API Management with TMS t...

Re: SMD agent version request

SMD agent version request

Log on to CMC or BI Launch is not authenticating m...