2417205 - Enabling TLS 1.1 and 1.2 on SAP NetWeaver AS Java for outbound connections

Symptom

There is a need to enable TLS 1.1/1.2 on SAP NetWeaver Application Server Java for outbound connections (i.e. NW Java as a client).

Important: This article is applicable to communication scenarios that use the IAIK SSL library. If an application uses the underlying SAP JVM/JDK for TLS communication, it is needed to run SAP JVM 6.1.093 or higher patch (for NW 7.20, 7.3x, 7.40) or SAP JVM 8 (NW 7.5). In order to determine whether the application uses IAIK or the JVM, the traces of a TLS connection/error can be analyzed to check if they include iaik* packages or javax.net.ssl* packages. SAP JVM 4 (NW 7.0x) and 5 (NW 7.1x) do not support TLS 1.1/1.2.

Note: For inbound connections, refer to the KBA 3014930 - Enabling TLS 1.1 and 1.2 on SAP NetWeaver AS Java for inbound connections

Environment

SAP NetWeaver Application Server Java

Product

SAP NetWeaver Application Server for Java all versions

Keywords

TLS1.0 TLS1.1 TLS1.2 SSL handshake failure IOException SSLHandshakeException Connection closed by remote host, TLS outgoing connections , KBA , BC-JAS-SEC-CPG , Cryptography , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.