cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to activate TLS1.2 on SAP PO7.4(Single Stack)

Go to solution
shaik_shamshuddin
Explorer

on ‎07-14-2016 8:48 AM

0 Kudos

Hi ALL,

We have integration with a cloud Web system which accepts only connection through TLS1.2. We configured REST adapter to communicate. But as a default SAP PO 7.4 supports till TLS1.1. Can any please guide how to connect with the cloud system by using TLS1.2

I have gone through the SAP Note  2284059. If we apply this, Will this have any impact on the other system's connectivity who uses SSL for the connectivity?

Regards,

Shaik

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Harish
Active Contributor
‎07-14-2016 9:04 AM
0 Kudos

Hi Shaik,

Please check the below blog

Outbound support for TLS 1.1/1.2 | SCN

regards,

Harish

Show replies
Show replies
shaik_shamshuddin
Explorer
‎07-14-2016 9:35 AM
0 Kudos

Hi Harish,

Thank you for your reply. These also talking about to implement the note "2284059".

I want to know if we implement this note will it effect the other system's connectivity who uses SSL for the connectivity?

Regards,

Shaik

bhavesh_kantilal
Active Contributor
‎07-14-2016 10:15 AM
0 Kudos

Shaik,

It is important to go through the blog Harish has mentioned and its comments section, especially the blog Markus.

If you do read through this blog,

  • what you will realise is - every SSL/ TLS connection has to be tested in your QA environment. By default, this note would demand that your Servers present TLS 1.2 and it could be the case where this is not the case.
  • If needed you would need to set up a Config File as described in the blog for the IAIK and then enables max and minimum TLS versions to make sure that servers that do not support 1.2 continue to be supported by PI by enabling the lower versions of SSL / TLS.

Regards

Bhavesh

Answers (5)

Answers (5)

former_member607171
Discoverer
‎09-03-2019 11:57 AM
0 Kudos

Hi Shaik,

Can you please brief how you got the solution finally?

Show replies
Show replies
shaik_shamshuddin
Explorer
‎09-22-2016 3:51 PM
0 Kudos

Hi All,

Thank you for the suggestions.  Finally the issue got resolved.One point is that, If we implement the note 2284059 or if we do any manual changes in IAIK, The REST adapter ignores these settings and try connecting through TLS1.0 or 1.1

Regards,

Shaik

Show replies
Show replies
jmejia1
Discoverer
‎09-26-2019 1:35 AM
0 Kudos

Hi Shaik,

Please share the workaround. We have exactly the same scenario.

Regards,

J

shaik_shamshuddin
Explorer
‎07-15-2016 12:56 PM
0 Kudos

Hi All,

We have implemented the note "2284059". But still facing the same issue in the REST Receiver Channel. Checked with certificates, Firewall settings too. Everything looks fine. Can anyone please check on this.

Regards,

Shaik

Show replies
Show replies
bhavesh_kantilal
Active Contributor
‎07-15-2016 1:04 PM
0 Kudos

suggest you test this with xpi_inspector and see what happens. In xpi_inpsector there is an option to test a SSL connection. The logs here will add more insight into what could be going wrong.

Former Member
‎07-15-2016 1:10 PM
0 Kudos

Hello Shaik,
please provide the scenario you have, but I feel that SAP Note 2092630 will help you

Regards,
Vadym

shaik_shamshuddin
Explorer
‎07-17-2016 8:27 AM
0 Kudos

Hi Bhavesh,

Thank you for your suggestion Do we need to do any manual configuration after installing the note "2284059" to connect using TLS1.2?

Regards,

Shaik

Eoin_Kierans
Product and Topic Expert
Product and Topic Expert
‎07-14-2016 6:47 PM
0 Kudos

Hello Shaik,

In addition to the information provided earlier you may also want to check the following note:
2295870 - TLSv1.2 Support in REST adapter.

Regards

Eoin

Show replies
Show replies
Former Member
‎07-14-2016 4:38 PM
0 Kudos

Hello Shaik,
please have a look on valuable answer from Bhavesh. I just would like to add a remark about possibility to set the supported SSL/TLS version using parameters

client.minProtocolVersion (default: TLS1.0)

client.maxProtocolVersion (default: TLS1.2)

Supported values are: SSL30, TLS10, TLS11, TLS12

So, I suppose that you still will be able to support the legacy with earlier versions.

Best regards,
Vadym

Show replies
Show replies
Ask a Question