Beruflich Dokumente
Kultur Dokumente
3) Go to transaction STRUST
8) Save
If you see error something like below, please see the next section.
file:///C:/Users/M1054831/Downloads/how-to-enable-ssl-on-netweaver-application-server.html 1/7
2/22/2020 How to Enable SSL on NetWeaver Application Server
session ciphersuites=HIGH:MEDIUM:+e3DES:!aNULL
Client SSL_CTX 7f26940019d0 pvflags=128 (TLSv1.0)
Target Hostname="github.com"
>> SecuSSL ErrStack:
0x20001070 SAPCRYPTOLIB SSL_read
SSL API error
received a fatal TLS1.0 protocol version alert message from the peer
0xa0600278 SSL ssl3_read_bytes
received a fatal TLS1.0 protocol version alert message from the peer
0xa0600278 SSL ssl3_connect
received a fatal TLS1.0 protocol version alert message from the peer
0xa0600278 SSL ssl3_read_bytes
received a fatal TLS1.0 protocol version alert message from the peer
<<
Also check transaction SMICM -> Goto -> Trace File -> Display End
3) If you see message complaining about TLS version then proceed the next section
file:///C:/Users/M1054831/Downloads/how-to-enable-ssl-on-netweaver-application-server.html 2/7
2/22/2020 How to Enable SSL on NetWeaver Application Server
[Thr 139804692911872] received a fatal TLS1.0 protocol version alert message from the peer
[Thr 139804692911872] 0xa0600278 SSL ssl3_read_bytes
[Thr 139804692911872] received a fatal TLS1.0 protocol version alert message from the peer
[Thr 139804692911872] <<
[Thr 139804692911872]
[Thr 139804692911872] {00000109} {root-id=000D3A282AC01EE899FB2148C2A4B9FE} [icxxconn.c 2423]
[Thr 139804692911872] GUI T12_U2540_M0, 001, DEVELOPER, CX360WINSG, time=09:24:28, W1,
program=ZABAPGIT_TEST_SSL, high priority, memory=0, tasks=1, appl info=, tcode=SADT_START
[Thr 139804692911872] role: Client, protocol: HTTPS, local: 10.0.0.59:15728, peer:
192.30.253.113:443
Over the course of year 2016, a growing number of TLS servers were reconfigured to abort/reject
TLSv1.0 handshakes, or they are requring forward secrecy (PFS) cipher suites for access. The
currently recommended settings for TLSv1.2 interoperability are (requiring at least CommonCryptoLib
8.4.38, recommending at least 8.4.49):
ssl/ciphersuites = 135:PFS:HIGH::EC_P256:EC_HIGH
ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH
file:///C:/Users/M1054831/Downloads/how-to-enable-ssl-on-netweaver-application-server.html 3/7
2/22/2020 How to Enable SSL on NetWeaver Application Server
For a SAP Solution Manager System 7.[012], please use the following value for
ssl/client_ciphersuites instead:
ssl/client_ciphersuites = 918:PFS:HIGH::EC_P256:EC_HIGH
4) Click Copy and Save (There might be a warning, proceed saving anyway.)
file:///C:/Users/M1054831/Downloads/how-to-enable-ssl-on-netweaver-application-server.html 4/7
2/22/2020 How to Enable SSL on NetWeaver Application Server
5) Restart server
file:///C:/Users/M1054831/Downloads/how-to-enable-ssl-on-netweaver-application-server.html 5/7
2/22/2020 How to Enable SSL on NetWeaver Application Server
$ su -l npladm
$ stopsap
$ startsap
$ sapcontrol -nr 00 -function GetProcessList
6) Go back SMICM and see trace file again. If you see two new parameters then they are configured properly.
References
SAP Note 510007
TLS 1.2 Support in SAP - SCN
Revision #6
Created Tue, May 1, 2018 7:32 AM by Chairat (Par)
Updated Tue, Nov 13, 2018 7:53 AM by Chairat (Par)
file:///C:/Users/M1054831/Downloads/how-to-enable-ssl-on-netweaver-application-server.html 7/7