0 Replies Latest reply on Mar 19, 2020 10:17 PM by 3881282

    jre1.8.0_241 handshake failure



      We are trying to make a connection with a SAP Message Server through SAP Process Orchestration, but we get a handshake failure.


      The following cipher suites are supported by the SAP Message Server:

             TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1)
             TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1)
             TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1)
             TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1)
             TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1)


      The JRE sent the following ciphers while doing the client hello:

      Cipher Suites (14 suites)
          Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
          Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc07b)
          Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
          Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0x00c0)
          Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
          Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc07a)
          Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
          Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0x00ba)
          Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
          Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
          Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
          Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
          Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
          Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)


      Is it possible to configure the JRE to send the TLS_ECDHE ciphers to the server?


      I tried to disable the TLS_RSA ciphers with the setting jdk.tls.disabledAlgorithms in java.security, but the JRE still sent the TLS_RSA ciphers to the server.

      I also played around with many other configurations like jdk.jar.disabledAlgorithms, jdk.tls.legacyAlgorithms and crypto.policy, but the JRE client is still sending the TLS_RSA ciphers.


      Hope you guys have a solution for this issue.


      Best regards
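
A diagnostic for the mismatch described in the post, as an added example that is not part of the original post: it reports which JSSE provider backs the JVM's default SSLContext and whether each of the server's five suites is supported and enabled there, then optionally handshakes offering only those suites. The class name CipherOverlapCheck and the host/port arguments are assumptions, as is the premise that the failing connection uses the JVM's default SSLContext.

```java
import java.util.*;
import javax.net.ssl.*;

// Added example; class name and arguments are hypothetical.
public class CipherOverlapCheck {
    // Suites the server accepts, copied from the post above.
    static final List<String> SERVER = Arrays.asList(
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");

    // Server suites that also appear in the given client list, server order kept.
    static List<String> overlap(String[] client) {
        List<String> common = new ArrayList<>(SERVER);
        common.retainAll(Arrays.asList(client));
        return common;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // The provider named here is the one that builds the ClientHello for this context.
        System.out.println("JSSE provider: " + ctx.getProvider().getName());

        List<String> supported = overlap(ctx.getSupportedSSLParameters().getCipherSuites());
        List<String> enabled = overlap(ctx.getDefaultSSLParameters().getCipherSuites());
        for (String s : SERVER) {
            System.out.printf("%-40s supported=%b enabled=%b%n",
                s, supported.contains(s), enabled.contains(s));
        }
        if (supported.isEmpty()) {
            System.out.println("No server suite is implemented by this provider.");
            return;
        }
        if (args.length == 2) { // optional live check: <host> <port>
            try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory()
                    .createSocket(args[0], Integer.parseInt(args[1]))) {
                // Offer only the suites the server is known to accept.
                sock.setEnabledCipherSuites(supported.toArray(new String[0]));
                sock.startHandshake();
                System.out.println("Negotiated: " + sock.getSession().getCipherSuite());
            }
        }
    }
}
```

Run without arguments it stays offline and only prints the comparison; if the suites show as supported and enabled here while the captured ClientHello still lists only TLS_RSA suites, the connection is being built by a different TLS stack or context than the one this JVM configuration controls.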