Meanwhile we tested this scenario with latest CommonCryptoLib instead of using the SNC Library provided within the Secure Login Library 2.0 SP3 package. Same results.
Platform: linux-gcc-4.1-x86-64 (linux-gcc-4.1-x86-64)
Versions: SAPGENPSE 8.4.20 (Jun 23 2014)
FILE-Version 8.4.20.0
CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.20 pl40 (Jun 23 2014) MT-safe
X.509 SSO with SLC works fine but SNC Client Encryptions works only sometimes... from what we see in the level 4 traces the system seems to use the SAPSNCSKERB.PSE sometimes for verification and sometimes the SAPSNCS.PSE which then lead to key exchange issues...