Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

HTTP/1.0 500 Native SSL error

Go to solution
Former Member

on ‎2018 Jun 08 3:52 AM

0 Likes
7,460

Hello Team,

I am trying to connect to an external webserver from SAP ECC.

I have created an SSL client identity and imported the Server certificates to this PSE in STRUST. I have also added the other certificates in the entire server certificate chain to the PSE. When I try to test the connection, I get the following error:

***************************************************************************************************

[Thr 11512] SSL NI-sock: local=x.y.z.a:8000 peer=a.b.c.d:443

[Thr 11512] <<- SapSSLSetNiHdl(sssl_hdl=52134acd0, ni_hdl=163)==SAP_O_K

[Thr 11512] IcmConnInitClientSSL: using default pse, show client certificate if available

[Thr 11512] <<- SapSSLSetTargetHostname(sssl_hdl=52134acd0)==SAP_O_K

[Thr 11512] in: hostname = "client web url"

[Thr 11512] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_CONNECTION_LOST

[Thr 11512] session uses PSE file "/usr/sap/hostname/D02/sec/SAPSSLC.pse"

[Thr 11512] No Secude Error present in trace stack!

[Thr 11512] SSL_get_state() returned 0x00002120 "SSLv3 read server hello A"

[Thr 11512] No certificate request received from Server

[Thr 11512] <<- ERROR: SapSSLSessionStart(sssl_hdl=52134acd0)==SSSLERR_SSL_CONNECT

[Thr 11512] <<- SapSSLErrorName()==SSSLERR_SSL_CONNECT

[Thr 11512] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {00010090} [icxxconn_mt.

[Thr 11512] <<- SapSSLSessionDone()==SAP_O_K

[Thr 11512] in: sssl_hdl = 52134acd0

[Thr 11512] ... ni_hdl = 193

***************************************************************************************

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

Isaias_SAP
Product and Topic Expert
Product and Topic Expert
‎2018 Jun 08 1:35 PM
0 Likes

Hello Praveen,

The first error that is occurring is:

[Thr 11512] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_CONNECTION_LOST

This would occur when the network connection was closed.

You can capture a network trace (tcpdump) to see whether anything unusual is occurring (like the SAP server receiven reset - RST - packets).

The analysis should continue from a network perspective.

Regards,

Isaías

Show replies
Show replies
Former Member
‎2018 Jun 08 3:11 PM
0 Likes

Hello Isaias,

Thanks for your inputs. While i check on the network part , i wanted to update you that connection seems to work fine from the browser level. Do you think there would a chance that it works with the same certificates in browser level but stop working from SAP due to Network issue. Kindly confirm. Thanks.

Regards,

Praveen

Isaias_SAP
Product and Topic Expert
Product and Topic Expert
‎2018 Jun 08 3:58 PM
0 Likes

Hello Praveen,

You are welcome! 🙂

Did you execute the browser on the same machine where SAP is running?

If not it would mean that different network paths could be involved. So, yes, it could still be something at the network even if it worked on the browser.

Regards,

Isaías

Former Member
‎2018 Jun 15 2:53 PM
0 Likes

Hello Isaias,

Sorry for the delayed response. I was trying to check on how to initiate the trace and i wasn't sure on how to do it. Would you know if there is any SAP note i can refer to get the exact command to use to check this.

Thanks,

Praveen

Isaias_SAP
Product and Topic Expert
Product and Topic Expert
‎2018 Jun 19 11:23 AM
0 Likes

Hello Praveen,

I do not know any SAP Note that would address network tracing.

You network / operating system team should be able to help you.

"tcpdump" would have to be executed as "root".

A typical command for Linux would be "tcpdump -i any -n -w <file.pcap>".

Usually executing "man <command>" works on any Linux/UNIX server, so you get help with the command ;-).

Regards,

Isaías

Former Member
‎2018 Jun 25 4:44 AM
0 Likes

Thanks Isaias.

Isaias_SAP
Product and Topic Expert
Product and Topic Expert
‎2018 Jun 25 4:04 PM
0 Likes

You are welcome!

Former Member
‎2018 Jun 30 12:43 PM
0 Likes

Hello Isaias,

If tcpdump is not an option , would you recommend any other tools to identify the issue as the connection is established initially and then lost in between and we are unsure on what is causing the connection lost. Thanks.

Isaias_SAP
Product and Topic Expert
Product and Topic Expert
‎2018 Jul 02 11:35 PM
0 Likes

Hello Praveen,

Your network team should assist you with this.

They should indicate which tool they prefer to use.

For Linux/UNIX servers, "tcpdump" is the most common tool.

For Windows, it is "Wireshark".

Regards,

Isaías

Answers (1)

Answers (1)

Former Member
‎2018 Oct 02 4:45 AM
0 Likes

This was resolved by adding ssl/client_ciphersuites = 982:HIGH:MEDIUM:+e3DES profile parameter.



Show replies
Show replies
Ask a Question