AS2 over HTTPS is considered very safe and reliable. When a client initiates a connection to the server, the two sides negotiate the highest version of TLS that both support during the handshake.
There are several versions of TLS; TLS 1.2 and TLS 1.3 are the primary versions in use today.
Most systems have disabled TLS 1.0 and TLS 1.1 due to security concerns, and Boomi has disabled TLSv1.1 on Atom Clouds as of March 2023.
When an AS2 client that does not support TLSv1.2 attempts to connect to an Atom Cloud AS2 endpoint, the Boomi AS2 server will reject the connection because the client cannot negotiate a compatible TLS version.
🚩Possible errors
If the endpoint is not compatible with the specified TLS version, you may get a message like one of the following. More information here.
TCP connection reset by peer
error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure
Cannot communicate securely with peer: no common encryption algorithm(s).
13003 -- Cannot conclude ssl handshake. Cause: Received fatal alert: protocol_version.
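To confirm which TLS versions an AS2 HTTPS endpoint accepts before working through the solutions, a small probe like the one below can help. It is an added example, not Boomi code; the function names and outcome labels are assumptions made for illustration, and the host is supplied by the caller.

```python
import socket
import ssl
import sys

# Only the versions the page treats as current are probed.
VERSIONS = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}


def classify(exc):
    """Turn a connect/handshake exception into a short outcome label."""
    text = str(exc).lower()
    if isinstance(exc, ssl.SSLCertVerificationError):
        # The handshake reached the certificate, so the version was accepted.
        return "accepted, but certificate not trusted"
    if isinstance(exc, (ConnectionResetError, ssl.SSLEOFError)):
        return "rejected: connection reset"
    if isinstance(exc, ssl.SSLError):
        if "protocol version" in text or "unsupported protocol" in text:
            return "rejected: protocol_version"
        if "handshake failure" in text:
            return "rejected: handshake_failure"
        return "rejected: other TLS error"
    return "unreachable: " + type(exc).__name__


def probe(host, port=443, timeout=5.0):
    """Attempt one handshake per TLS version and report each outcome."""
    results = {}
    for name, version in VERSIONS.items():
        ctx = ssl.create_default_context()  # certificate checks stay enabled
        ctx.minimum_version = ctx.maximum_version = version  # pin one version
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[name] = "accepted: " + tls.version()
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            results[name] = classify(exc)
    return results


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python probe.py <host> [port]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    for name, outcome in probe(sys.argv[1], port).items():
        print(name, "->", outcome)
```

A "rejected: protocol_version" or "rejected: handshake_failure" result for TLSv1.2 corresponds to the errors listed above.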
🚩Possible solutions
✅Trading Partner to support TLSv1.2
Ask the trading partner to update their HTTPS configuration to support TLSv1.2.
✅Use Boomi Atom Cloud HTTP AS2 endpoints
If the trading partner is reluctant to update the HTTPS protocol to TLSv1.2, you can consider asking the client to connect to the Boomi Atom Cloud HTTP endpoint. AS2 over HTTP is secure if properly configured with encryption and signing.
Boomi Atom Cloud provides the AS2 HTTP endpoint *.exchange.boomi.com. You can find the HTTP endpoints in this Boomi article.
✅Local Atom/Molecule:
If you’re using a local Atom/Molecule, your trading partner can continue to connect with TLS v1.1 or TLS v1.0, as they are not disabled. Your Boomi administrator can choose to disable lower versions of TLS depending on your organization's security policies.