You are doing a testing for an outgoing connection from SAP ABAP side to another location. The test was failed and from the ICM trace log, below error message was recorded,
[Thr 11720] *** ERROR during SecuSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 11720] cli SSL session PSE "E:\usr\sap\DEV\DVEBMGS00\sec\SAPSSLC.pse"
[Thr 11720] session ciphersuites=HIGH:MEDIUM:+e3DES
[Thr 11720] Client SSL_CTX 0000000016B872E0 pvflags=128 (TLSv1.0)
[Thr 11720] SecuSSL_SessionStart: SSL_connect() failed (536875072/0x20001040)
[Thr 11720] => "received a fatal TLS handshake failure alert message from the peer"
[Thr 11720] >> Begin of Secu-SSL Errorstack >>
[Thr 11720] 0x20001040 SAPCRYPTOLIB SSL_connect
[Thr 11720] SSL API error
[Thr 11720] received a fatal TLS handshake failure alert message from the peer
[Thr 11720] 0xa0600266 SSL ssl3_connect
[Thr 11720] received a fatal TLS handshake failure alert message from the peer
[Thr 11720] 0xa0600266 SSL ssl3_read_bytes
[Thr 11720] received a fatal TLS handshake failure alert message from the peer
[Thr 11720] << End of Secu-SSL Errorstack
[Thr 11720] (No certificate request received from Server)
[Thr 11720] Target Hostname="itsiti.com"
[Thr 11720] SSL NI-hdl 184: local=192.168.1.10:50000 peer=192.168.1.20:443
[Thr 11720] <<- ERROR: SapSSLSessionStart(sssl_hdl=0000000001781E80)==SSSLERR_SSL_CONNECT
[Thr 11720] ->> SapSSLErrorName(rc=-57)
[Thr 11720] <<- SapSSLErrorName()==SSSLERR_SSL_CONNECT
[Thr 11720] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {000101ec} [icxxconn.c 2002]
Solution
Please read and go through the SAP Note 510007 – Additional considerations for setting up SSL on Application Server ABAP.
In our scenario, we have maintain both parameter below in DEFAULT profile using the transaction code RZ10. You need to restart the SAP system to apply the changes.
- ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH
- ssl/ciphersuites = 135:PFS:HIGH::EC_P256:EC_HIGH
