How to Enable TLS v1.2 in SAP Netweaver ABAP
When establishing trust between SAP BW and BI Platform, we faced a TLS protocol error during the test connection step in the configuration of BW Events.
What we found in a detailed study is that, for SSL communication, SAP BI Platform uses TLS version 1.2/1.1, and the same needs to be enabled in the SAP BW system as well. Otherwise, the connection might fail due to a cipher suite mismatch.
This article goes through the process of enabling TLS v1.2 in an SAP NetWeaver ABAP system.
Test SSL Connection
- After creating the HTTP destination in ABAP to BI Platform, click Connection Test.
- If you see Success, the connection works and you're good.
- If you see an error like the one below, see the next section:
“received a fatal TLS 1.0 protocol version alert message from the peer”
Check Trace File
- Go to transaction SMICM
- From the menu, choose Goto –> Trace File –> Display End
If you see a message complaining about the TLS version, proceed to the next section.
Enable TLS v1.2
1. Go to transaction RZ10
2. Open the DEFAULT profile, select Extended Maintenance and click Change
3. Add these two parameters
ssl/ciphersuites = 135:PFS:HIGH::EC_P256:EC_HIGH
ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH
4. Click Save
5. Restart the server
6. Go back to SMICM and display the trace file again. If you see the two parameters, they are configured properly
Test the SSL connection again and it should be OK now.
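The numeric prefix of the two parameter values above is a sum of option flags. The following decoder is an added example, not part of the original article or of SAP's tooling; the flag meanings are reproduced from my reading of SAP Note 510007 and should be confirmed there, and library_max is a hypothetical parameter standing in for the highest TLS version the installed crypto library offers.

```python
# Meaning of each bit in the numeric prefix, as I understand SAP Note 510007
# (assumption: confirm against the note for your CommonCryptoLib release).
FLAGS = {
    1: "BC (accept SSLv2-format ClientHello)",
    2: "BEST (enable highest TLS version the library supports)",
    4: "NO_GAP (no gaps between enabled versions)",
    16: "blind sending of client certificate",
    32: "strict protocol version configuration",
    64: "SSLv3", 128: "TLSv1.0", 256: "TLSv1.1", 512: "TLSv1.2",
}
VERSIONS = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"]  # bits 64, 128, 256, 512


def decode(value, library_max="TLSv1.2"):
    """Decode a ssl/ciphersuites value into flags and effective TLS versions.

    library_max is the highest version the installed crypto library offers
    (hypothetical parameter of this example, simplified model).
    """
    number, _, rest = value.partition(":")
    suites, _, curves = rest.partition("::")
    mask = int(number)
    # Protocol versions switched on explicitly by their own bit
    enabled = {i for i, _ in enumerate(VERSIONS) if mask & (64 << i)}
    if mask & 2:  # BEST adds the newest version the library offers
        enabled.add(VERSIONS.index(library_max))
    if mask & 4 and enabled:  # NO_GAP fills everything between lowest and highest
        enabled = set(range(min(enabled), max(enabled) + 1))
    return {
        "flags": [name for bit, name in FLAGS.items() if mask & bit],
        "unknown_bits": mask & ~sum(FLAGS),  # bits this table does not know
        "protocols": [VERSIONS[i] for i in sorted(enabled)],
        "suites": [s for s in suites.split(":") if s],
        "curves": [c for c in curves.split(":") if c],
    }


if __name__ == "__main__":
    for param, value in [
        ("ssl/ciphersuites", "135:PFS:HIGH::EC_P256:EC_HIGH"),
        ("ssl/client_ciphersuites", "150:PFS:HIGH::EC_P256:EC_HIGH"),
    ]:
        print(param, decode(value))
```

Under this reading, both values reach TLS v1.2 only through the BEST flag, so the result depends on the installed crypto library version, and TLS v1.0 stays enabled alongside it.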
We had followed the recommendation and have set the 2 ciphersuites parameters for successful outbound communication from ERP to Concur via PI.
Today we discovered via the below that:
Planned Changes: Some TLSv1.2 Ciphers No Longer Supported (Jun 22)
Can you explain how to rectify this issue, as we get a handshake error now?
What SAPCRYPTO version do we need to update to, and what value should we set in the ciphersuites parameters?
I was struggling to solve this problem. We used to transmit some SAP BW reports through Office 365 mail to some users and it suddenly started taking too much time over the last few days.
I could solve this problem by adding these 2 parameters.
Thanks & regards.
It would also be wise to have a look at OSS note 510007. This covers all of the aspects of parameters, CommonCryptoLib versions, etc.