SAP Knowledge Base Article - Preview

2538934 - Handshake is failing in AS Java when connecting to a server which only supports TLS_ECDHE ciphers

Symptom

While trying to connect to a remote server using HTTPS from AS Java system, connection is failing with "Handshake Failure".

If you capture SSL trace (as per KBA 2673775 Use /tshw to collect IAIK debug trace for outgoing calls in AS Java) while reproducing the issue, you see something like this in the resulted trace files:

ssl_debug(7): Starting handshake (iSaSiLk 5.104)...
ssl_debug(7): Sending v3 client_hello message to <host>:<port>, requesting version 3.3...
ssl_debug(7): Received alert message: Alert Fatal: handshake failure
ssl_debug(7): SSLException while handshaking: Peer sent alert: Alert Fatal: handshake failure
ssl_debug(7): Shutting down SSL layer...
ssl_debug(7): Closing transport...

Handshake failure.png

(Above is an example for XPI Inspector trace - Verify Remote SSL Server Certificate table in the communication channel page)


Read more...

Environment

  • PI Release Independent
  • SAP NetWeaver Application Server Java
  • SAP Process Integration

Product

SAP NetWeaver all versions ; SAP Process Integration all versions

Keywords

TLS_ECDHE, ECDHE, ECDSA, NWA, Keystore, CA, SSL, TLS, Certificate, ECC, Cipher, Ciphers, Suites, Suite, RSA, Handshake, Endpoint, Process Integration 7.30, PI 7.30, Process Integration 7.31, PI 7.31, Process Orchestration 7.40, PI 7.40, PO 7.40, Process Orchestration 7.50, PI 7.50, PO 7.50, NetWeaver, XI, , KBA , BC-JAS-SEC-CPG , Cryptography , BC-XI-CON-AFW-SEC , Security , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.