cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Error establisinh SSL connection

Go to solution
Former Member

on ‎12-18-2007 10:05 AM

0 Kudos

Hi all,

I have a problem creating an http connection over SSL to an external partner. In SMICM the log shows:

[Thr 7100] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL

[Thr 7100] session uses PSE file "D:\usr\sap\EXT\DVEBMGS00\sec\SAPSSLC.pse"

[Thr 7100] SecudeSSL_SessionStart: SSL_connect() failed

secude_error 536871970 (0x20000422) = "SSL record with the wrong SSLPlaintext.version received"

[Thr 7100] >> Begin of Secude-SSL Errorstack >>

[Thr 7100] ERROR in ssl3_get_record: (536871970/0x20000422) SSL record with the wrong SSLPlaintext.version received #

[Thr 7100] << End of Secude-SSL Errorstack

[Thr 7100] SSL_get_state() returned 0x00002120 "SSLv3 read server hello A"

[Thr 7100] SSL socket: local=XXXXXXX:4100 peer=XXXXXXX:443

[Thr 7100] <<- ERROR: SapSSLSessionStart(sssl_hdl=00000000089F79D0)==SSSLERR_SSL_CONNECT

It should be noted that we have many other SSL connections that work fine with other partners.

So my question is, does anyone know what the error "SSL record with the wrong SSLPlaintext.version received" means?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-18-2007 10:58 AM
0 Kudos

Hi Rasmus,

It is due to trusted certificate is expired Or due to the incorrect authorization during Proxy generation.

The error message means that the certificate you use is not verifiable. So eigther the CA certificate is not set up correctly or one of your intermediate certificates are missing.

Please read SAP note: #510007 it describes all the steps you need to make to enable SSL on your WAS.

To solve this kindly follow below link as help

/people/thomas.jung3/blog/2005/05/13/calling-webservices-from-abap-via-https

Also follow SAP Note- 852688

*Pls: Reward points if helpful*

Regards,

Jyoti

Show replies
Show replies
Former Member
‎12-18-2007 11:15 AM
0 Kudos

Hi Jyoti,

thanks for replying,

but I do not think it is a problem with the CA certificates since we have other partners using the exact same CA and intermediates and they work fine.

Could it be something at the partner, perhaps requesting client authentication or something?

Answers (1)

Answers (1)

Former Member
‎12-18-2007 11:44 AM
0 Kudos

Hi Rasmus,

Then it may be due to the incorrect authorization during Proxy generation.Please check:

1.If you are using the correct version of the SSL protocol.

2. check the setting for proxy authentication properties

3.if you have valid credentials to use Proxy server.

Also check:

http://www.faqs.org/faqs/computer-security/ssl-talk-faq/

*Pls: Reward points if helpful*

Regards,

Jyoti

Show replies
Show replies
Former Member
‎12-18-2007 12:39 PM
0 Kudos

Hi,

I appreciate your suggestions

1: I am using version 3

2 and 3: Not using proxies.

I am still unsure if it is the partner who might have a problem.

Former Member
‎12-18-2007 12:55 PM
0 Kudos

Hi,

During SSL connection partner should also be part of problem.

As you mentioned it was working fine with other receiver tand your all configurations are correct then problem should be with partner.

See hint in log file:

>>>SSL record with the wrong SSLPlaintext.version received #

Which means you are not receiving correct response for your SSL request.

Regards,

Gourav

Ask a Question