cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NW Portal not working with TLS1.0 enabled in IE and works with 1.1 and 1.2

former_member199963
Participant

on ‎07-11-2014 2:54 PM

0 Kudos


Hi Experts,

We currently have Portal running on SAP NETWEAVER 7.0. When we have TLS 1.0 enabled IE doesn't load the secure webpage. If we have TLS1.0 disabled and TLS 1.1 and 1.2 enabled the page comes up.

The business wants to be able to open the webpage with TLS 1.0 enabled as other websites need that.

Any ideas?

Thanks,

Asad

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎07-11-2014 5:00 PM
0 Kudos

What is the SP level of your 7.0 system? Make sure SAP note 1663313 is installed. See also SAP KBA 1673448 for further information on the topic.

Show replies
Show replies
former_member199963
Participant
‎07-15-2014 7:41 PM
0 Kudos

Hi Samuli,

We have NW 7.00 SP12.

Also, how do we check in SAP what TLS version the server is looking for?

Former Member
‎07-15-2014 7:54 PM
0 Kudos

Then you are affected by the problem and you should update to SP23 patch 15 or higher. As a workaround you can configure the cipher suites of AS JAVA, the procedure is described in the SAP KBA 1673448.

former_member199963
Participant
‎07-17-2014 5:59 PM
0 Kudos

Hi Samuli,

We are looking to upgrade but the business has a doubt about the following:

(1) What is the implication of applying the service packs? Is there a way to determine whether the functionality changed in the service packs are in use in the portal environment servicing PSE or the PCI Payment portals?

(2) The service pack option is not without risk considering the NetWeaver portal server for PSE shares the same dev/qa path as the PCI Payment portal application.

(3) Wouldn’t we want to apply the updates to all of the NetWeaver servers, including the production PCI Payment portals?

Thanks for your help!

Regards,

Asad

Former Member
‎07-17-2014 6:09 PM
0 Kudos

There might be an impact, the only way to find out is to do a system copy to a test system, upgrade and test. Yes, you have to keep your landscape coherent, e.g. apply SPs to all systems.

former_member199963
Participant
‎07-17-2014 6:32 PM
0 Kudos

Cool, let me see what they say.

Thanks Samuli!

former_member199963
Participant
‎07-29-2014 9:30 PM
0 Kudos

Hi Samuli,

SAP has come back saying :

But I don't agree with them as the issue is not only limited to IE, its the same with Mozilla, Chrome etc

You might have any more suggestion for this issue? Upgrading the systems is not very appealing to the client as the partners connecting to ours have the same SP levels.

Thanks,

Asad

Former Member
‎07-29-2014 9:58 PM
0 Kudos

Apart from upgrading your AS JAVA, you could configure the cipher suites per the SAP note and SAP KBA I mentioned. Although not recommended, using RC4 together with TLS 1.0 should work. Instead of minimizing security you should try to advocate security so that everyone in your company starts using TLS 1.1/1.2. Updating AS JAVA should be the 2nd most important task on your todo list, the version you are using has numerous known vulnerabilities.

former_member199963
Participant
‎07-29-2014 10:28 PM
0 Kudos

Hi Samuli,

This is the status in VA:

The note says to :

remove all cipher suites except the following:

  SSL_RSA_WITH_RC4_128_SHA

Don't think this will work out with us as we have so many ciphers in place.

Thanks,

Asad

Former Member
‎07-30-2014 12:27 AM
0 Kudos

Only one way to find out. I had to do the same back in 2011 at one customer who refused to upgrade their AS JAVA and it worked. You can add the ciphers back if it doesn't work, just have another system at hand which you can use to look up the list of ciphers or save the list of ciphers in a text file.

former_member199963
Participant
‎07-30-2014 10:32 PM
0 Kudos

Hi Samuli,

I am not sure how to remove and add ciphers. Can you please advice me how I can do it? You might have any doc explaining it?

Thanks,

Asad

Ask a Question