Symptom
You're trying to log on to the Outlook or Excel add-ins for SAP Cloud for Customer or SAP Business ByDesign, but error message "The request was aborted: could not create SSL/TLS secure channel" is raised.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
- SAP Cloud For Customer
- SAP Business ByDesign
Cause
You're using TLSv1.0 protocol, which is no longer supported.
As a part of our commitment to continuous improvement and to follow industries best practices, we plan to configure our servers to support only the latest protocol versions TLSv1.1 and TLSv1.2.
Resolution
To solve this error, you must ensure .NET Framework is using SSL/TLS 1.1 on Windows settings.
There are two options for solving this: editing the Windows registry or reinstalling the .NET Framework.
1) Editing the Windows registry:
Please ensure that you have the below settings enabled in your Windows machine to avoid connectivity issues from SAP Cloud For Customer and SAP Business ByDesign application add-ons:
- In your Windows PC, go to Windows search and type "Regedit".
- Click the Yes button; it opens the Registry Editor.
- Open the path below based on the version of .NET Framework installed on your machine, in this case it is 4.0.30319:
Please note: It needs to be done on both paths below.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v 4.0.30319
If you find the value defined as 0 instead of 1, follow below steps to change “data” from 0 to 1 and further test the result:
Key: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
Value: SchUseStrongCrypto
Type: REG_DWORD
Data: 1
Key:Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319
Value: SchUseStrongCrypto
Type: REG_DWORD
Data: 1
If you don't find the "SchUseStrongCrypto" in your registry inside one or both of the .NET Framework paths, please create one by following the steps below:
Please note: Your machine account will need to have administrator privileges.
- Right-click in the empty space.
- Select New.
- Click the DWORD (32-bit) Value.
- Type the name "SchUseStrongCrypto" for the newly created entry.
- Double-click "SchUseStrongCrypto" again to edit it.
- Make sure that Value Data is 1.
2) Reinstalling the .NET Framework:
If you still find an issue with SAP Cloud For Customer/SAP Business ByDesign add-ins connecting to the application or if the registry is already set to 1, then reinstall the .NET Framework to 4.6.2 or higher versions and perform the above steps again for this newer version.
How to reinstall .NET Framework:
- In your Windows PC, go to Windows search and type "Turn Windows features on or off."
- Deselect the checkboxes related to .NET Framework.
- Click the Ok button.
Windows will uninstall .NET Framework. When it is finished, go back to "Turn Windows features on or off."
- Select the checkboxes related to .NET Framework again.
- Select "Let Windows Update download the files for you." This will install and update it.
See Also
SAP Community blog "Disabling TLSv1.0 protocol and 3DES cipher suite for Inbound communication to ByD"
Keywords
TLS; Logon; SSL; Outlook; Excel: Add-in; Add-on; el; TLS v1.0; TLS v1.1; .NET Framework , KBA , SRD-CC-OIN-XL , Excel Integration , SRD-CC-OIN-GW , Groupware , How To