SAP Knowledge Base Article - Preview

2604240 - TLS handshake failure due to missing SNI extension


A TLS connection from the AS Java using the IAIK library (SAP Note 2284059) fails with the following trace:

ssl_debug(6): Starting handshake (iSaSiLk)...
ssl_debug(6): Sending v3 client_hello message to <server>, requesting version <TLS version>...
ssl_debug(6): Sending extensions: renegotiation_info (XXXX), signature_algorithms (XX)
ssl_debug(6): IOException while handshaking: Connection reset
ssl_debug(6): Sending alert: Alert Fatal: handshake failure
ssl_debug(6): Exception sending message: errno: 32 (Broken pipe), error: Write failed (local port XXXXX to address <IP> (<domain>), remote host unknown)
ssl_debug(6): Shutting down SSL layer...
ssl_debug(6): Closing transport...

Note that the connection is reset immediately after the extensions are sent (the "Sending extensions" line in the trace above), and the SNI extension (server_name) is not among them.
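As an added example (not part of the SAP article or any SAP tooling), the following Python scans an ssl_debug trace in the format above and reports handshakes that failed after a client_hello sent without server_name. It assumes the number in ssl_debug(N) identifies one connection and that a sent SNI extension would be listed as server_name in the "Sending extensions" line; the sample trace is constructed.

```python
import re

# Constructed sample trace in the page's format; hosts and values are made up.
SAMPLE_TRACE = """\
ssl_debug(6): Starting handshake (iSaSiLk)...
ssl_debug(6): Sending v3 client_hello message to api.example.test:443, requesting version 3.3...
ssl_debug(6): Sending extensions: renegotiation_info (65281), signature_algorithms (13)
ssl_debug(6): IOException while handshaking: Connection reset
ssl_debug(6): Sending alert: Alert Fatal: handshake failure
ssl_debug(6): Shutting down SSL layer...
ssl_debug(7): Starting handshake (iSaSiLk)...
ssl_debug(7): Sending v3 client_hello message to sni.example.test:443, requesting version 3.3...
ssl_debug(7): Sending extensions: renegotiation_info (65281), server_name (0), signature_algorithms (13)
ssl_debug(7): Shutting down SSL layer...
"""

LINE = re.compile(r"^ssl_debug\((\d+)\): (.*)$")
HELLO = re.compile(r"client_hello message to (\S+?),")
EXT_NAME = re.compile(r"([a-z_]+) \(\w+\)")


def find_missing_sni_failures(trace):
    """Return handshakes that sent no server_name extension and then failed."""
    pending, findings = {}, []

    def close(hs):
        # Report only failed handshakes whose client_hello lacked server_name.
        if hs["error"] and "server_name" not in hs["extensions"]:
            findings.append(hs)

    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        conn, msg = m.groups()  # assumption: the number identifies the connection
        if msg.startswith("Starting handshake"):
            pending[conn] = {"conn": conn, "server": None, "extensions": [], "error": None}
        elif conn in pending:
            hs, hello = pending[conn], HELLO.search(msg)
            if hello:
                hs["server"] = hello.group(1)
            elif msg.startswith("Sending extensions:"):
                hs["extensions"] = EXT_NAME.findall(msg)
            elif msg.startswith("IOException while handshaking") or "handshake failure" in msg:
                hs["error"] = hs["error"] or msg
            elif msg.startswith("Shutting down SSL layer"):
                close(pending.pop(conn))
    for hs in pending.values():  # trace ended before the shutdown line
        close(hs)
    return findings
```

Each finding carries the target server, the extensions that were actually sent, and the first error line, which is enough to tell this symptom apart from other handshake failures in the same trace.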



SAP NetWeaver Application Server Java


SAP NetWeaver Application Server for Java all versions


ssl pi xi adapter soap, TLS handshake failure, SNI extension, KBA, BC-JAS-SEC-CPG, Cryptography, BC-XI-CON-SOP, SOAP Adapter, Problem
