SAP Knowledge Base Article - Preview

2678199 - TLS 1.2 handshake failure with Microsoft servers

Symptom

  • A TLS 1.2 (= SSL 3.3) connection from the AS Java using the IAIK library (SAP Note 2284059) fails with the following trace:

ssl_debug(1): Starting handshake (iSaSiLk 5.104)...
ssl_debug(1): Sending v3 client_hello message to <server>, requesting version 3.3...
ssl_debug(1): Sending extensions: renegotiation_info (XXXXX), signature_algorithms (XX), server_name (0)
ssl_debug(1): IOException while handshaking: Connection reset
ssl_debug(1): Sending alert: Alert Fatal: handshake failure
ssl_debug(1): Exception sending message: java.net.SocketException: errno: 32 (Broken pipe), error: Write failed (local port ... to address ... (...), remote host unknown)
ssl_debug(1): Shutting down SSL layer...

  • Note that the connection is reset right after sending the extensions.
  • The <server> is an IIS or another Microsoft Windows Server running with a certificate signed with SHA384withRSA or SHA512withRSA algorithms.

Read more...

Environment

SAP NetWeaver Application Server Java

Product

SAP NetWeaver Application Server for Java all versions

Keywords

IOException SSLHandshakeException SocketException Connection closed by remote host , KBA , BC-JAS-SEC-CPG , Cryptography , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.