3663219 - Fail to connect to HANA Database in HANA Studio with error "The SSL handshake failed. This may be due to a flaw in the SSL implementation..."

• When adding a system using SSL in HANA Studio, the connection failed with below error.
  
  
• Checking the HANA Studio log (E.g. C:\Users\<User Name>\hdbstudio\.metadata\.log), found below error messages.
  
  

  com.sap.ndb.studio.jdbc.JDBCConnectionStatus: The SSL handshake failed. This may be due to a flaw in the SSL implementation, or an infrastructure error (network)

  For more details, see the error log
      at com.sap.ndb.studio.jdbc.JDBCPlugin.createConnection(JDBCPlugin.java:299)
      at com.sap.ndb.studio.navigator.wizards.newsapsystem.NewSAPSystemWizard$1$1.call(NewSAPSystemWizard.java:308)
      at com.sap.ndb.studio.navigator.wizards.newsapsystem.NewSAPSystemWizard$1$1.call(NewSAPSystemWizard.java:1)
      at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
      at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
      at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
      at java.base/java.lang.Thread.run(Thread.java:840)
  Caused by: com.sap.db.jdbc.exceptions.JDBCDriverException: SAP DBTech JDBC: Cannot connect to jdbc:sap://<HANA server hostname> [Cannot connect to host <HANA server hostname>:<port>. Received fatal alert: unrecognized_name -813: <HANA server IP address>:<dynamic port> -> <HANA server hostname>:<port> ConnectionID:0 SessionID:0].
      at com.sap.db.jdbc.exceptions.SQLExceptionSapDB._newInstance(SQLExceptionSapDB.java:126)
      at com.sap.db.jdbc.exceptions.SQLExceptionSapDB._newInstance(SQLExceptionSapDB.java:222)
      at com.sap.db.jdbc.exceptions.SQLExceptionSapDB.newInstance(SQLExceptionSapDB.java:50)
      at com.sap.db.jdbc.DriverSapDB._connect(DriverSapDB.java:3430)
      at com.sap.db.jdbc.DriverSapDB.connect(DriverSapDB.java:3013)
      at com.sap.ndb.studio.jdbc.JDBCConnection$1.run(JDBCConnection.java:172)
  Caused by: com.sap.db.jdbc.exceptions.JDBCDriverException: SAP DBTech JDBC: SSL handshake failed. Received fatal alert: unrecognized_name
      at com.sap.db.jdbc.exceptions.SQLExceptionSapDB._newInstance(SQLExceptionSapDB.java:209)
      at com.sap.db.jdbc.exceptions.SQLExceptionSapDB._newInstance(SQLExceptionSapDB.java:222)
      at com.sap.db.jdbc.exceptions.SQLExceptionSapDB.newInstance(SQLExceptionSapDB.java:33)
      at com.sap.db.jdbc.SecureSession._doHandshake(SecureSession.java:765)
  ......

• Test via openssl s_client command returns SYSTEM PKI certificate
  
  openssl s_client -connect <HANA server hostname>:<port> -showcerts
  CONNECTED(00000003)
  Can't use SSL_get_servername
  depth=0 C = DE, O = SAP System PKI, CN = <HANA server hostname>_<SID>_00
  verify error:num=20:unable to get local issuer certificate
  verify return:1
  depth=0 C = DE, O = SAP System PKI, CN = <HANA server hostname>_<SID>_00
  verify error:num=21:unable to verify the first certificate
  verify return:1
  depth=0 C = DE, O = SAP System PKI, CN = <HANA server hostname>_<SID>_00
  verify return:1
  ---
  Certificate chain
  0 s:C = DE, O = SAP System PKI, CN = <HANA server hostname>_<SID>_00
     i:C = DE, O = SAP System PKI, OU = sapstartsrv, CN = root_<SID>
  -----BEGIN CERTIFICATE----- 
  <certificate content>
  -----END CERTIFICATE----- 
  

  ---
  Server certificate
  subject=C = DE, O = SAP System PKI, CN = <HANA server hostname>_<SID>_00

  issuer=C = DE, O = SAP System PKI, OU = sapstartsrv, CN = root_<SID>

  
  
  

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental 

• SAP HANA Platform Edition 2.0 (higher or equal than SPS06)
• SAP HANA Studio
• JDBC

KBA , HAN-DB-SEC , SAP HANA Security & User Management , HAN-STD-ADM-SEC , SAP HANA Security & User Management (Studio) , Problem