Usually in our Internet Explorer 11 only the transport layer protocol TLSv1.0 is activated.
To access the CRM webclient this URL is used:
https://<hostname>.<fqdn>:44311/sap/bc/bsp/sap/crm_ui_start/default.htm?sap-client=100&sap-sessioncmd=open
Now we have some other web applications that require TLSv1.1 and TLSv1.2
v1.1 ist not a problem, but when TLSv1.2 is activated within the Internet Explorer the CRM webclient can't access the system anymore (see
attachment).
I have found SAP note 510007 and tried several combinations for the two profile parameters ssl/ciphersuites and ssl/client_ciphersuites
but I'm not 100% sure whether this will lead to any success because of the last paragraph of topic 7 in the SAP note:
"Activating TLSv1.1 or TLSv1.2 or both on the client-side unfortunately results in handshake failures with a certain number of servers, which implement the negotiation of the SSL/TLS protocol version incorrectly (TLS protocol version intolerance). Additionally there exist network middleboxes (including proxies) that choke on newer TLS protocol versions and may interfere with attempts to negotiate TLSv1.2. So far the IETF TLS working group has not standardized an alternative TLS protocol version negotiation scheme that would allow TLS clients to safely negotiate protocol versions > TLSv1.0 and and TLS extensions efficiently, transparently, and completely protected and in a fashion that doesn't break old buggy servers (TLS version intolerant and TLS extension intolerant servers). Web Browsers invented a heuristics-based, complex and insecure approach ("Downgrade Dance") to this non-marginal interop problem ... and got bitten by Poodle."
Do you have any idea how I can access the CRM webclient WITH activating the transport layer protocol TLSv1.2?