Skip to Content
avatar image
Former Member

Error establisinh SSL connection

Hi all,

I have a problem creating an http connection over SSL to an external partner. In SMICM the log shows:

[Thr 7100] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL

[Thr 7100] session uses PSE file "D:\usr\sap\EXT\DVEBMGS00\sec\SAPSSLC.pse"

[Thr 7100] SecudeSSL_SessionStart: SSL_connect() failed

secude_error 536871970 (0x20000422) = "SSL record with the wrong SSLPlaintext.version received"

[Thr 7100] >> Begin of Secude-SSL Errorstack >>

[Thr 7100] ERROR in ssl3_get_record: (536871970/0x20000422) SSL record with the wrong SSLPlaintext.version received #

[Thr 7100] << End of Secude-SSL Errorstack

[Thr 7100] SSL_get_state() returned 0x00002120 "SSLv3 read server hello A"

[Thr 7100] SSL socket: local=XXXXXXX:4100 peer=XXXXXXX:443

[Thr 7100] <<- ERROR: SapSSLSessionStart(sssl_hdl=00000000089F79D0)==SSSLERR_SSL_CONNECT

It should be noted that we have many other SSL connections that work fine with other partners.

So my question is, does anyone know what the error "SSL record with the wrong SSLPlaintext.version received" means?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    Dec 18, 2007 at 10:58 AM

    Hi Rasmus,

    It is due to trusted certificate is expired Or due to the incorrect authorization during Proxy generation.

    The error message means that the certificate you use is not verifiable. So eigther the CA certificate is not set up correctly or one of your intermediate certificates are missing.

    Please read SAP note: #510007 it describes all the steps you need to make to enable SSL on your WAS.

    To solve this kindly follow below link as help

    /people/thomas.jung3/blog/2005/05/13/calling-webservices-from-abap-via-https

    SSL: Client Certificate

    Also follow SAP Note- 852688

    *Pls: Reward points if helpful*

    Regards,

    Jyoti

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Jyoti,

      thanks for replying,

      but I do not think it is a problem with the CA certificates since we have other partners using the exact same CA and intermediates and they work fine.

      Could it be something at the partner, perhaps requesting client authentication or something?

  • avatar image
    Former Member
    Dec 18, 2007 at 11:44 AM

    Hi Rasmus,

    Then it may be due to the incorrect authorization during Proxy generation.Please check:

    1.If you are using the correct version of the SSL protocol.

    2. check the setting for proxy authentication properties

    3.if you have valid credentials to use Proxy server.

    Also check:

    http://www.faqs.org/faqs/computer-security/ssl-talk-faq/

    *Pls: Reward points if helpful*

    Regards,

    Jyoti

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi,

      During SSL connection partner should also be part of problem.

      As you mentioned it was working fine with other receiver tand your all configurations are correct then problem should be with partner.

      See hint in log file:

      >>>SSL record with the wrong SSLPlaintext.version received #

      Which means you are not receiving correct response for your SSL request.

      Regards,

      Gourav