# Steps to check ICM settings in SAP ## ICM parameters required in all instance profiles Go to Tcode `RZ10` for each instance profile and confirm if the below ICM parameters are maintained. | Parameter name | Parameter value | | ------------------------------ | ------------------------------- | | icm/HTTPS/client\_sni\_enabled | TRUE | | ssl/client\_sni\_enabled | TRUE | | ssl/client\_ciphersuites | 150:PFS:HIGH::EC\_P256:EC\_HIGH | | ssl/ciphersuites | 135:PFS:HIGH::EC\_P256:EC\_HIGH | If the parameters are not present or if the parameters are not matching, then add or update the parameters with the above-mentioned values. Once updated, restart ICM for this to work. Note: Some systems may need application restart as well. But check the connectivity accordingly step by step with minimum downtime. ## Prerequisites for SSL handshake CommonCryptoLib (SAPCRYPTOLIB) Version 8.5.34 and above; Kernel release should be 722 and above; If is it below the given version, make sure you upgrade the kernel patch as per your system version. The help documentation for the Kernal upgrade and the required information are in the below SAP notes. 1. 2124480 - ICM / Web Dispatcher: TLS Extension Server Name Indication (SNI) as client. 2. 2083594 - SAP Kernel Versions and SAP Kernel Patch Levels. 3. 2350788 - Using Kernel 749 instead of Kernel 740, 741, 742 or 745 {% hint style="info" %} **Important Note**: This is a step-by-step "How-to" guide for checking ICM settings in SAP. Please be aware that the values of different parameters and screenshots presented in this guide may vary depending on your specific use case. Before proceeding, please make sure to go through the [checklist](https://docs.cleartax.in/cleartax-docs/add-ons-and-extensions/sap-add-on/sap-connectivity-checklist). {% endhint %} ## Steps to check ICM settings **Step 1**: Run T-code `RZ10` and check if the parameter `icm/HTTPS/client_sni_enabled` and `ssl/client_sni_enabled` is set to `True`. ![](https://lh5.googleusercontent.com/GKjH-5gZI3DfljrFdUMYJBAax0vCYJE-a2O0kZQdQyHiV4ltXkN60lsnOq3vCOwBVRmRfGSPR58bUTgI_-yraAvmCcTNoQm6z2SQ-Dsav6JTmUWdtHQvUTFtbCEAV48VhD9t7PDl) **Step 2**: If the above parameter is not enabled as `TRUE`, Run T-code: `RZ11` and then enter the parameter `icm/HTTPS/client_sni_enabled`. ![](https://lh3.googleusercontent.com/jp_AjMtGMWBPJEN1hlzSKK-pf22PRLjMhxErLzZib5RY91XAmnoYTyh_dy0FrMqKhbZk32ot7yrEOeoE2YOGL8FLmqYTVyK4sco3Fo7zyap_tUmcsRWcqxdLFb3eaeTY1cAuVQzB) {% hint style="info" %} Please make the change to the parameter by changing the value directly in the profile. {% endhint %} **Step 3**: Go to `Change` mode and apply the current value as `TRUE` and save the parameter. ![](https://lh3.googleusercontent.com/kKVmkuuMI-aN3BwOekFPjRb1p_fT53XoXtP5LPV7F6f0pBYHIM6pcBNcEtSW5vg-R0T8y5ycv2Dc-6MPHCjWBOllvJxjfy-eSnSFhe_hcMHmYtHg_vrff_dYk0xcq3WIhK3qwOCD) **Step 4**: Repeat steps 2 and 3 for `ssl/client_sni_enabled` as well. Done! --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.cleartax.in/cleartax-docs/add-ons-and-extensions/sap-add-on/sap-connectivity-checklist/steps-to-check-icm-settings-in-sap.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.