2018 Oct 27 5:39 AM
Greetings
I am facing a challenge in accessing an HTTPS URL https://iam.bluemix.net and am looking for some help.
Setup
ssl/ciphersuites 135:PFS:HIGH::EC_P256:EC_HIGH
ssl/client_ciphersuites 918:PFS:HIGH::EC_P256:EC_HIGH " Have tried with 150 as well
ABAP Code
I've tried sample code found on SCN/Google but it didn't work.
ICM Log
SM59
I tried to set up a G connection without SSL + No Auth + No Logon and got the following error.
I've tried various combinations but they always land in the SSLV3 No certificate error (as in first screenshot). I've run out of ideas and am in desperate need of some advice.
ABAP Code
REPORT .

DATA html_control TYPE REF TO cl_gui_html_viewer.
DATA: l_empty_co TYPE REF TO cl_gui_container.
DATA : gv_url TYPE string VALUE 'https://iam.bluemix.net'.
DATA : url_char TYPE C LENGTH 255.
DATA : http_client TYPE REF TO if_http_client.
DATA : post_data_string TYPE string.
DATA : data_length TYPE I.
DATA : lt_table TYPE TABLE OF char255 WITH HEADER LINE.
DATA : page_content TYPE xstring.
DATA : lt_ex_tab LIKE lxe_xtab OCCURS 1 WITH HEADER LINE.

CREATE OBJECT html_control
  EXPORTING
    parent = l_empty_co.

CALL METHOD cl_http_client=>create_by_url
  EXPORTING
    url    = gv_url
  IMPORTING
    CLIENT = http_client
  EXCEPTIONS
    OTHERS = 1.

CALL METHOD http_client->request->set_header_field
  EXPORTING
    name  = '~request_method'
    VALUE = 'POST'.

CALL METHOD http_client->request->set_header_field
  EXPORTING
    name  = 'Content-Type'
    VALUE = 'application/x-www-form-urlencoded'.

* post_data_string = 'lang=TR....'.
* data_length = STRLEN( post_data_string ).
* CALL METHOD http_client->request->set_cdata
* EXPORTING
*DATA = post_data_string
* offset = 0
* length = data_length.

CALL METHOD http_client->send
  EXCEPTIONS
    http_communication_failure = 1
    http_invalid_state         = 2.
IF sy-subrc <> 0.
  MESSAGE ID sy-msgid TYPE 'I' NUMBER sy-msgno
          WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4 DISPLAY LIKE sy-msgty.
  EXIT.
ENDIF.

* 5 - Get the result back
************* FAILS AT THIS POINT ***************
CALL METHOD http_client->receive
  EXCEPTIONS
    http_communication_failure = 1
    http_invalid_state         = 2
    http_processing_failed     = 3.
IF sy-subrc <> 0.
  MESSAGE ID sy-msgid TYPE 'I' NUMBER sy-msgno
          WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4 DISPLAY LIKE sy-msgty.
  EXIT.
ENDIF.

* 6 - Get the content of the returned page
page_content = http_client->response->get_data( ).

CALL FUNCTION 'LXE_COMMON_XSTRING_TO_TABLE'
  EXPORTING
    in_xstring = page_content
  TABLES
    ex_string  = lt_ex_tab.

CLEAR lt_table[].
LOOP AT lt_ex_tab.
  APPEND lt_ex_tab-TEXT TO lt_table.
ENDLOOP.

url_char = gv_url.
CALL METHOD html_control->load_data
  EXPORTING
    url                  = url_char
  IMPORTING
    assigned_url         = url_char
  CHANGING
    data_table           = lt_table[]
  EXCEPTIONS
    dp_invalid_parameter = 1
    dp_error_general     = 2
    cntl_error           = 3
    OTHERS               = 4.
IF sy-subrc <> 0.
  MESSAGE ID sy-msgid TYPE 'I' NUMBER sy-msgno
          WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4 DISPLAY LIKE sy-msgty.
  EXIT.
ENDIF.

CALL METHOD html_control->('DETACH_URL_IN_BROWSER')
  EXPORTING
    url = gv_url.

cl_gui_cfw=>flush( ).
2018 Oct 28 10:41 PM
Hi
You need to import all 3 certificates from the chain!
Also set ssl_id = 'ANONYM'
regards
Domi
2018 Oct 30 6:05 PM
Thanks but did not work. I imported all 3 certificates in the chain to PSE. Then ran the code and tested SM59 connect. Same issue "No certificate request ...."
2018 Oct 31 7:39 AM
Did you restart the ICM after you imported the SSL certificates?
It's a little thing I discovered when I started to play with SSL: go to SMICM, choose menu Administration -> ICM -> Exit Hard -> Global
Once the ICM restarts, try the connection again in SM59
2018 Oct 31 12:06 PM
Thanks
Yes. I do that every time I import the certificates. If it is not inconvenient, can I request you to try at your end. I just want to ensure if it's me or the site is not at all accessible via SAP.
2018 Nov 01 4:37 PM
Hi
Report works fine (with some release-dependent adjustments)
Which version of SAPCRYPTOLIB is installed (Report SSF02)?
regards domi
2018 Nov 02 3:03 AM
Aha. That's good news. If you are able to access the web page, that means there is an issue which can be fixed. Thank you for taking out time for the same.
I'll check the cryptolib version and update here
Edit :
SSFLIB Version 1.840.40 ; CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.32
2018 Nov 16 5:08 AM
Hi Domi
I have upgraded SAPCRYPTOLIB to 8.5.23. Still doesn't work. (Have restarted server and ICM.)
Further I've created a new PSE with only 4 certificates.
Below is a side-by-side comparison
GitHub connects OK whereas Bluemix gives the same error. Could you share the necessary info on your side that made the report work for you? Thanks for your help.
2018 Nov 21 10:52 AM
Thank you all for your inputs. The issue is finally resolved. It was a cipher suite issue. I forced TLS 1.2 and that worked. Appreciate your time and valuable inputs.
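For readers comparing the profile values in the first post with the TLS 1.2 fix reported above, here is an added example (not from any poster in this thread) that decodes the numeric prefix of an ssl/ciphersuites or ssl/client_ciphersuites value. The bit meanings are taken from SAP Note 510007 and are an assumption as far as this thread goes, since no post lists them; 550 is a constructed value shown for contrast, not the setting the poster used.

```python
# Added example: decode the numeric prefix of an ssl/ciphersuites or
# ssl/client_ciphersuites value. Bit meanings follow SAP Note 510007
# (an assumption here: the thread itself does not list them).
OPTIONS = {
    1: "BC (SSLv2-format ClientHello compatibility)",
    2: "BEST (enable the highest TLS version the library supports)",
    4: "NO_GAP (no gaps between enabled protocol versions)",
    16: "blind sending of a client certificate",
    32: "strict protocol configuration (TLSv1.0 not auto-enabled)",
}
PROTOCOLS = {64: "SSLv3", 128: "TLSv1.0", 256: "TLSv1.1", 512: "TLSv1.2"}


def decode(param_value):
    """Split '<flags>:<cipher filter>' and name every bit set in <flags>."""
    number, _, cipher_filter = param_value.strip().partition(":")
    if not number.isdigit():
        raise ValueError("value must start with a decimal flag field")
    bits = int(number)
    known = sum(OPTIONS) + sum(PROTOCOLS)  # every bit this table can name
    return {
        "flags": bits,
        "options": [name for bit, name in OPTIONS.items() if bits & bit],
        "protocols": [name for bit, name in PROTOCOLS.items() if bits & bit],
        "strict": bool(bits & 32),
        "unknown_bits": bits & ~known,  # non-zero means a typo or a newer flag
        "cipher_filter": cipher_filter,
    }


if __name__ == "__main__":
    # 135, 918 and 150 are the values quoted in the first post;
    # 550 is a constructed value (512 + 32 + 4 + 2) shown for contrast.
    for flags in ("135", "918", "150", "550"):
        info = decode(flags + ":PFS:HIGH::EC_P256:EC_HIGH")
        print(flags, "explicit protocol bits:", ", ".join(info["protocols"]))
        for option in info["options"]:
            print("     option:", option)
        if info["unknown_bits"]:
            print("     unrecognised bits:", info["unknown_bits"])
```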
2019 Jan 10 3:24 PM
Hello Manish,
How did you solve the problem? We are facing the same issue.
After an update to CommonCryptoLib Version: 8.5.23, Kernel Patch 614 with Kernel 749 and TLS 1.2.
We do not face this ssl handshake(-10) issue on our sandbox, which is 8.5.21, Kernel Patch 520 and Kernel 749, and TLS 1.0.
Do you know the issue? What parameter did you set?
Thanks & regards,
Hasan