Hi there,
i am facing following problem. We lost connection to one of our used API. It is offered by an external company. I was told, they stopped using SLLv3 for this connection. So i updated our Kernel from 7.21 PL325 to 7.21 PL500. Basis Release is ABAP 700 PL30. I followed SAP Note 510007 and set ssl/client_ciphersuites to 208:HIGH:MEDIUM:+e3DES and ssl/ciphersuites to 135:HIGH:MEDIUM:+e3DES, to eliminate SSLv3. But no matter what combination i take, the connection (i tried RFC Calls from SM59) falls back to SSLv3 with familiar error message. The certifcates are fine. We can connect to various other API, without any problems. I hope someone has a solution, i have no clue whats wrong... Here is the message from dev_icm:
| [Thr 1032] = SSL Initialization | platform tag=(ntamd64-msc16) |
[Thr 1032] = (721_REL,Apr 28 2015,mt,ascii-uc,SAP_UC/size_t/void* = 16/64/64)
[Thr 1032] profile param "ssl/ssl_lib" = "C:\usr\sap\D12\DVEBMGS00\exe\sapcrypto.dll"
| [Thr 1032] | resulting Filename = "C:\usr\sap\D12\DVEBMGS00\exe\sapcrypto.dll" |
[Thr 1032] = found CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.35 pl40 (Mar 16 2015) MT-safe
[Thr 1032] = current UserID: W2SAP\SAPServiceD12
[Thr 1032] = using SECUDIR=C:\usr\sap\D12\DVEBMGS00\sec
[Thr 1032] = Success -- SapCryptoLib SSL ready!
[Thr 1032] =================================================
[Thr 1032]
[Thr 1032] IcmServInitSSL: icm_ssl_inited is TRUE
[Thr 1032] Started service PORT=8443,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=60,VCLIENT=1
[Thr 1032] SSL settings: verify_client: 1, cache_size: -1, cache_lifetime: -1, credfile: SAPSSLS.pse, ciphers: default
[Thr 13332] HttpExtractArchive: files from archive C:\usr\sap\D12\DVEBMGS00\exe/ITS.SAR in directory C:/usr/sap/D12/DVEBMGS00/data/icmandir are up to date
[Thr 1032] Mon Aug 03 18:13:07 2015
[Thr 1032] IcmNetCheck: network check passed without detecting problems
[Thr 9504] Mon Aug 03 18:13:24 2015
[Thr 9504] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
| [Thr 9504] | session uses PSE file "C:\usr\sap\D12\DVEBMGS00\sec\XXXXXXXXpse" |
[Thr 9504] SecudeSSL_SessionStart: SSL_connect() failed --
[Thr 9504] secude_error 536875072 (0x20001040) = "SSL API error"
[Thr 9504] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 9504] 0x20001040 | SAPCRYPTOLIB | SSL_connect
[Thr 9504] SSL API error
[Thr 9504] received a fatal SSLv3 handshake failure alert message from the peer
[Thr 9504] 0xa0600266 | SSL | ssl3_read_bytes
[Thr 9504] received a fatal SSLv3 handshake failure alert message from the peer
[Thr 9504] << ---------- End of Secude-SSL Errorstack ----------
[Thr 9504] SSL_get_state() returned 0x00002120 "SSLv3 read server hello A"
[Thr 9504] No certificate request received from Server
[Thr 9504] SSL NI-sock: local=172.16.8.124:64137 peer=XXXXXXXXX:443
[Thr 9504] <<- ERROR: SapSSLSessionStart(sssl_hdl=0000000006F9B5B0)==SSSLERR_SSL_CONNECT
[Thr 9504] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {00010006} [icxxconn.c 1989]