on 07-20-2016 9:47 AM
Hi Experts,
We want to enable TLS1.1 or higher in SAP PI 7.4 for communication with salesforce. Please guide in SAP PI 7.4 how we can enable TLS 1.1 or higher and disable SSL or TLS1.0.
Hello Bhavesh,
You should check the following KBA's:
2284059 - Update of SSL library within NW Java server
2344735 - PI: Salesforce error with TLS 1.0
Regards
Eoin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Bhavnesh,
yes, we did the same but still issue is there.
Begin IAIK Debug:
ssl_debug(4): Starting handshake (iSaSiLk 4.5)...
ssl_debug(4): Sending v3 client_hello message to test.salesforce.com:443, requesting version 3.1...
ssl_debug(4): Received v3 server_hello handshake message.
ssl_debug(4): Server selected SSL version 3.1.
ssl_debug(4): Server created new session D1:89:B7:BE:83:89:92:2E...
ssl_debug(4): CipherSuite selected by server: TLS_RSA_WITH_AES_128_CBC_SHA
ssl_debug(4): CompressionMethod selected by server: NULL
ssl_debug(4): TLS extensions sent by the server: renegotiation_info (65281)
ssl_debug(4): Server supports secure renegotiation.
ssl_debug(4): Received certificate handshake message with server certificate.
ssl_debug(4): Server sent a 2048 bit RSA certificate, chain has 2 elements.
ssl_debug(4): ServerCertChain[0]:
ssl_debug(4): Version: 3
ssl_debug(4): Serial Number: 0x14e1787030cab57bb9478a32d4f4a4f4
ssl_debug(4): Signature Algorithm: SHA256/RSA
ssl_debug(4): Issuer: CN=Symantec Class 3 Secure Server CA - G4
ssl_debug(4): OU=Symantec Trust Network
ssl_debug(4): O=Symantec Corporation
ssl_debug(4): C=US
ssl_debug(4): Validity:
ssl_debug(4): Not Before: Fri Jun 05 05:30:00 IST 2015
ssl_debug(4): Not After: Tue Jun 05 05:29:59 IST 2018
ssl_debug(4): Subject: CN=test.salesforce.com
ssl_debug(4): OU=Applications
ssl_debug(4): O=Salesforce.com\, Inc
ssl_debug(4): L=San Francisco
ssl_debug(4): ST=California
ssl_debug(4): C=US
ssl_debug(4): Public Key: RSA, 2048 bit
ssl_debug(4): ServerCertChain[1]:
ssl_debug(4): Version: 3
ssl_debug(4): Serial Number: 0x513fb9743870b73440418d30930699ff
ssl_debug(4): Signature Algorithm: SHA256/RSA
ssl_debug(4): Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5
ssl_debug(4): OU=(c) 2006 VeriSign\, Inc. - For authorized use only
ssl_debug(4): OU=VeriSign Trust Network
ssl_debug(4): O=VeriSign\, Inc.
ssl_debug(4): C=US
ssl_debug(4): Validity:
ssl_debug(4): Not Before: Thu Oct 31 05:30:00 IST 2013
ssl_debug(4): Not After: Tue Oct 31 05:29:59 IST 2023
ssl_debug(4): Subject: CN=Symantec Class 3 Secure Server CA - G4
ssl_debug(4): OU=Symantec Trust Network
ssl_debug(4): O=Symantec Corporation
ssl_debug(4): C=US
ssl_debug(4): Public Key: RSA, 2048 bit
ssl_debug(4): ChainVerifier: Found a trusted certificate, returning true
ssl_debug(4): Received server_hello_done handshake message.
ssl_debug(4): Sending client_key_exchange handshake...
ssl_debug(4): Sending change_cipher_spec message...
ssl_debug(4): Sending finished message...
ssl_debug(4): Received change_cipher_spec message.
ssl_debug(4): Received finished message.
ssl_debug(4): Session added to session cache.
ssl_debug(4): Handshake completed, statistics:
ssl_debug(4): Read 2836 bytes in 5 records, wrote 444 bytes in 4 records.
ssl_debug(4): Shutting down SSL layer...
ssl_debug(4): Sending alert: Alert Warning: close notify
ssl_debug(4): Read 0 bytes in 0 records, 0 bytes net, 0 average.
ssl_debug(4): Wrote 0 bytes in 0 records, 0 bytes net, 0 average.
ssl_debug(4): Closing transport...
ssl_debug(4): Closing transport...
End IAIK Debug.
The XPI Inspector logs show that the connection is successful and the handshake is successful. Is this correct?
What is the receiver adapter type you are using to connect / ping SalesForce that is failing? Have you checked the comments section of the blog that talks about how certain adapters are not using IAIK SSL Library and the parameters tweaks required? Do read through the entire comments section, they do have a lot of additional know how available there.
Also as this is a Salesforce URL, if this is a public URL, can you share the URL? I can then try this on my end!
Regards
Bhavesh
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.