Hello all,

We're trying to call a web service over HTTPs with client certificate (soapReceiver). Our PI is AS JAVA 7.4 (single stack). We also have another PI 7.4 (Abap and Java Stack for testing purposes). In this scenario our PI acts as a client.

While trying to establish a ssl connection we receive the following error in XPI_INSPECTOR tool in both systems:

The SSL version is 3.1 which corresponds to TLSv1.0, but the server is refusing the connection.

All certificates (Client and CA ) are properly installed in the Keystores and so on. I think there is no problem with that.

The ssl connection works fine with SOAPUI tool so we have analysed the traffic in order to find the differences between PI ssl connection and SOAPUI ssl connection and we've find the following:

With SOAPUI the trace shows a complete ssl connection:

If we deeply debug the "client hello" message and the "server hello" message, we see that the server receives 21 cipher suites from the client and choose one of then.

Client hello message :

Server hello message:

With our PI we have the following trace:

Client hello:

Server hello (not really, because is a handshake failure)

-----------------------------------------------------------------------------------------------------------------------------------------------------

We think the connection is being refused because none of the 35 cipher suites sent by our PI is accepted by the server.

I've read the following threads    , https://scn.sap.com/thread/3852649

but the problem is not exactly the same. The server accepts TLSv1.0 as we've seen in the pictures above.

How can i set/add/modify the cipher suites availables to make ssl connections? Do you think this is the real problem?

Any help or suggestion is welcome.