SAP Knowledge Base Article - Preview

2538934 - Handshake is failing in PI when connecting to a server which only supports TLS_ECDHE ciphers.

Symptom

You have a Receiver Communication Channel which is failing with "Handshake Failure" when trying to connect to the target server using HTTPS.

If you capture an XPI Inspector trace with Example 50 (selecting the affected receiver communication channel) while reproducing the issue, when checking the Verify Remote SSL Server Certificate table in the communication channel page, you see something like this:

ssl_debug(7): Starting handshake (iSaSiLk 5.104)...
ssl_debug(7): Sending v3 client_hello message to <host>:<port>, requesting version 3.3...
ssl_debug(7): Received alert message: Alert Fatal: handshake failure
ssl_debug(7): SSLException while handshaking: Peer sent alert: Alert Fatal: handshake failure
ssl_debug(7): Shutting down SSL layer...
ssl_debug(7): Closing transport...

Handshake failure.png


Read more...

Environment

  • PI Release Independent
  • SAP NetWeaver Application Server Java
  • SAP Process Integration

Product

SAP NetWeaver all versions ; SAP Process Integration all versions

Keywords

TLS_ECDHE, ECDHE, ECDSA, NWA, Keystore, CA, SSL, TLS, Certificate, ECC, Cipher, Ciphers, Suites, Suite, RSA, Handshake, Endpoint, Process Integration 7.30, PI 7.30, Process Integration 7.31, PI 7.31, Process Orchestration 7.40, PI 7.40, PO 7.40, Process Orchestration 7.50, PI 7.50, PO 7.50, NetWeaver, XI, , KBA , BC-XI-CON-AFW-SEC , Security , BC-JAS-SEC-CPG , Cryptography , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.