3191267 - PI is doing SSL handshake with the Proxy instead of Target Server

When checking the traces via the Log Viewer to collect detailed diagnostic traces you see entries similar to below during SOAP Receiver Channel processing:

Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
SOAP: Call failed: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
Failed to call the endpoint: Error in call over HTTP: HTTP 0 null

Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure Reason: Without SNI the request may be rejected with handshake error by target system even before sending the certificate. 

or

IOException while handshaking: Connection closed by remote host.

or

Invalid SSL message, peer seems to be talking plain 

Here SOAP Receiver channel is configured with Proxy, towards HTTPS endpoint.

And you may find:

• In Channel, SSL handshake succeeds.
• In Runtime, SSL handshake fails.
  
  In Runtime, PI is doing SSL handshake *with* the Proxy, not *via* the Proxy,
  where the Proxy of course may not respond properly to the SSL Handshake request.
  • e.g.,

    "Sending v3 client_hello message to <proxy host & port>, requesting version 3.3..." (which is WRONG)

  • while it should have been:

    "Sending v3 client_hello message to <target host & port>, requesting version 3.3..." (whch is EXPECTED).

• SAP NetWeaver
• SAP Process Integration