Symptom
There is a need to enable TLS 1.1/1.2 on SAP NetWeaver Application Server Java for outbound connections (i.e. NW Java as a client).
Important: This article is applicable to communication scenarios that use the IAIK SSL library. If an application uses the underlying SAP JVM/JDK for TLS communication, it is needed to run SAP JVM 6.1.093 or higher patch (for NW 7.20, 7.3x, 7.40) or SAP JVM 8 (NW 7.5). In order to determine whether the application uses IAIK or the JVM, the traces of a TLS connection/error can be analyzed to check if they include iaik* packages or javax.net.ssl* packages. SAP JVM 4 (NW 7.0x) and 5 (NW 7.1x) do not support TLS 1.1/1.2.
Note: For inbound connections, refer to the KBA 3014930 - Enabling TLS 1.1 and 1.2 on SAP NetWeaver AS Java for inbound connections
Read more...
Environment
SAP NetWeaver Application Server Java
Product
Keywords
TLS1.0, TLS1.1, TLS1.2, SSL handshake failure, IOException SSLHandshakeException Connection closed by remote host, TLS outgoing connections , KBA , BC-JAS-SEC-CPG , Cryptography , How To
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.