SAP SSL 握手失败

Question

I'm trying to retrieve data from an open data api. I have downloaded the certificate from the site and imported it into STRUST (SSL Client Anonymous).

Then I created a HTTP connection to external server in SM59. In the beginning it worked fine, until last week when the api changed its URL and so its DNS.

Of course it could no longer be reached by the current host. So I did above steps again for the new URL (changed everything accordingly like hostname etc. in SM59), but this time I receive following error:

SSL handshake with 'hostname:port' failed: SSSLERR_CONN_CLOSED (-10)#Remote 
Peer has closed the network connection##SapSSLSessionStartNB()==SSSLERR_CONN_CLOSED##

Anyone has an idea on how to solve this?

Answer 1

On another forum someone helped me solve the problem. He pointed me out that the problem lies with SNI see: https://security.stackexchange.com/questions/101965/ssl3-error-when-requesting-connection-using-tls-1-2/102018#102018

https://en.wikipedia.org/wiki/Server_Name_Indication

To solve this problem you need to add following parameter: icm/HTTPS/client_sni_enabled and set it to TRUE on the DEFAULT profile. Afterwards you need to restart the application server in order to activate the effects of the parameter.

Link to the full question on SCN: https://answers.sap.com/questions/473015/sap-ssl-handshake-failed.html

EDIT: I came across this error again later on, but this time it seemed that the error was caused because we used a certificate with TLS 1.2 which was not supported by our system. You can check this link: https://launchpad.support.sap.com/#/notes/510007 we implemented number 7 to fix this.