/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
You would like to setup a scenario between Adobe Document Service of AS Java and SAP Web Dispatcher (WDP). Following symptoms can be experienced:
- ADS trace and defaultTrace of AS Java "handshake failure":
[...]
Caused by: com.adobe.ads.destination.DestinationException: IO error detected while opening DEST connection: <WDP host>:44300/sap/bc/fp/form/layout/<...>
at com.adobe.ads.destination.Destination.readUrlStream(Destination.java:349)
at com.adobe.ads.destination.Destination.readTemplate(Destination.java:89)
at com.adobe.ads.destination.DestinationNWImpl.readTemplate(DestinationNWImpl.java:29)
[...]
Caused by: org.w3c.www.protocol.http.HttpException: Peer sent alert: Alert Fatal: handshake failure
[...]
at com.adobe.ads.common.platform.urlService.URLConnectionInputStream.<init>(URLConnectionInputStream.java:60)
at com.adobe.ads.destination.Destination.readUrlStream(Destination.java:335)
[...]
- An SSL trace with IAIK debug records (see SAP KBA 2673775) of the Java stack (SSL client) shows the following trace entries:
[...]
ssl_debug(1): Starting handshake (iSaSiLk 5.2)...
ssl_debug(1): Sending v3 client_hello message to <WDP's hostname>:44300, requesting version 3.3...
ssl_debug(1): Sending extensions: renegotiation_info (65276), signature_algorithms (13)
ssl_debug(1): Received alert message: Alert Fatal: handshake failure
ssl_debug(1): SSLException while handshaking: Peer sent alert: Alert Fatal: handshake failure
[...] - Level 2 WDP trace shows following example entries:
[...]
[Thr 140102512526912] CCL[SSL]: Srv-0000001B: ########## TLSERROR: ClientHello::cipher_suites does not contain any cipher suite that the server accepts. [0xA0600245: ClientHello message does not offer any cipher suite the server was configured to support.]
[Thr 140102512526912]
[Thr 140102512526912] CCL[SSL]: Srv-0000001B: ########## TLSERROR: SSL3 server handshake failed [0xA0600245: ClientHello message does not offer any cipher suite the server was configured to support.]
[...]
[Thr 140102512526912] *** ERROR => No common SSL/TLS ciphersuite with SSL/TLS client!
[Thr 140102512526912] Server-configured Ciphersuites: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
[...]
[Thr 140102512526912] <<- ERROR: SapSSLSessionStartNB(sssl_hdl=7f6c0004a2c0)==SSSLERR_NO_COMMON_CIPHERSUITE
[...]
[Thr 140102512526912] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStartNB returned (-100): SSSLERR_NO_COMMON_CIPHERSUITE [icxxconn.c 3090]
[...]
- TCPDump shows handshake failure with the below listed cipher suites as example scenario:
Read more...
Environment
- SAP NetWeaver Application Server Java
- SAP Adobe Document Services
- SAP Web Dispatcher
Product
SAP NetWeaver Application Server for Java all versions
Keywords
adobe document server, Adobe Document Services , KBA , BC-JAS-SEC-CPG , Cryptography , BC-CST-WDP , Web Dispatcher , BC-SRV-FP , Forms Processing , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)