SAP Knowledge Base Article - Preview

3057117 - AS Java SSLException - EC signed SHA256withRSA server certificate server certificate not capable for ECDHE_ECDSA key exchange algorithm!

Symptom

  • An SSL/TLS connection to an external server from the AS Java fails with "Peer certificate rejected by ChainVerifier".
  • An SSL trace with IAIK debug records (see SAP KBA 2673775) shows the following messages:

    [...]
    ssl_debug(7): Starting handshake (iSaSiLk 5.106)...
    ssl_debug(7): Sending v3 client_hello message to <hostname>:<port>, requesting version 3.3...
    [...]
    ssl_debug(7): Received v3 server_hello handshake message.
    [...]
    ssl_debug(7): Received certificate handshake message with server certificate.
    [...]
    Signature Algorithm: SHA256withRSA
    [...]
    ssl_debug(493): ChainVerifier: EC signed SHA256withRSA server certificate server certificate not capable for ECDHE_ECDSA key exchange algorithm!
    [...]


Read more...

Environment

  • SAP NetWeaver Application Server Java as of 7.1X version
  • SAP Process Integration (PI)

Product

SAP NetWeaver Application Server for Java all versions

Keywords

PI, PO, Process Orchestration, Process Integration, handshake failed, handshake failure, ssl handshake , KBA , BC-JAS-SEC-CPG , Cryptography , BC-XI-CON-SOP , SOAP Adapter , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.