SMICM: SSSLERR_UNSUPP_PROTOCOL_VERSION

Posted by — March 29, 2022 in SAP BASIS Leave a reply

You are getting the following error message in the SMICM trace log file.

[Thr 6468] >>            Begin of Secu-SSL Errorstack            >>
[Thr 6468] 0x20000307   SAPCRYPTOLIB   SSL_read
[Thr 6468] SSL API error
[Thr 6468] Unsupported SSL/TLS protocol version in ClientHello.
[Thr 6468] 0xa0600234   SSL_   ssl23_read
[Thr 6468] Unsupported SSL/TLS protocol version in ClientHello.
[Thr 6468] 0xa0600234   SSL_   ssl23_get_client_hello
[Thr 6468] Unsupported SSL/TLS protocol version in ClientHello.
[Thr 6468] 0xa0600234   SSL_   ssl3_get_best_common_version
[Thr 6468] Unsupported SSL/TLS protocol version in ClientHello.
[Thr 6468] (SSL CTX supports versions: TLSv1.0, TLSv1.1, TLSv1.2). ClientHello.client_version SSLv3 {0x03,0x00}
[Thr 6468] <<            End of Secu-SSL Errorstack
[Thr 6468]   SSL NI-hdl 114: local=12.3.4.5:443  peer=67.89.10.11:123456
[Thr 6468] <<- ERROR: SapSSLSessionStartNB(sssl_hdl=1f5606bedb0)==SSSLERR_UNSUPP_PROTOCOL_VERSION
[Thr 6468] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStartNB returned (-108): SSSLERR_UNSUPP_PROTOCOL_VERSION

Solution

We referred to the SAP Note 2962555 – SSSLERR_SSL_CONNECT error when using SAP MMC, you will need to adjust the both parameters in transaction code RZ10.

  • ssl/ciphersuites = 135:PFS:HIGH::EC_P256:EC_HIGH
  • ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH

Once maintained, you need to perform a system restart to activate the parameter changes.

Please visit SAP Note 510007 – Additional considerations for setting up SSL on Application Server ABAP (look for section 7).

You May Also Like

How to Export/Import SAML2 Configuration File

How to Check SAP Web Statistics (HTTP, HTTPS)

How to Housekeep WF_LOG_* Files in SAP

SE16T: Central Access for Search Functions

Leave a Reply?