on 07-11-2014 2:54 PM
Hi Experts,
We currently have Portal running on SAP NETWEAVER 7.0. When we have TLS 1.0 enabled IE doesn't load the secure webpage. If we have TLS1.0 disabled and TLS 1.1 and 1.2 enabled the page comes up.
The business wants to be able to open the webpage with TLS 1.0 enabled as other websites need that.
Any ideas?
Thanks,
Asad
What is the SP level of your 7.0 system? Make sure SAP note 1663313 is installed. See also SAP KBA 1673448 for further information on the topic.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Then you are affected by the problem and you should update to SP23 patch 15 or higher. As a workaround you can configure the cipher suites of AS JAVA, the procedure is described in the SAP KBA 1673448.
Hi Samuli,
We are looking to upgrade but the business has a doubt about the following:
(1) What is the implication of applying the service packs? Is there a way to determine whether the functionality changed in the service packs are in use in the portal environment servicing PSE or the PCI Payment portals?
(2) The service pack option is not without risk considering the NetWeaver portal server for PSE shares the same dev/qa path as the PCI Payment portal application.
(3) Wouldn’t we want to apply the updates to all of the NetWeaver servers, including the production PCI Payment portals?
Thanks for your help!
Regards,
Asad
Hi Samuli,
SAP has come back saying :
But I don't agree with them as the issue is not only limited to IE, its the same with Mozilla, Chrome etc
You might have any more suggestion for this issue? Upgrading the systems is not very appealing to the client as the partners connecting to ours have the same SP levels.
Thanks,
Asad
Apart from upgrading your AS JAVA, you could configure the cipher suites per the SAP note and SAP KBA I mentioned. Although not recommended, using RC4 together with TLS 1.0 should work. Instead of minimizing security you should try to advocate security so that everyone in your company starts using TLS 1.1/1.2. Updating AS JAVA should be the 2nd most important task on your todo list, the version you are using has numerous known vulnerabilities.
Only one way to find out. I had to do the same back in 2011 at one customer who refused to upgrade their AS JAVA and it worked. You can add the ciphers back if it doesn't work, just have another system at hand which you can use to look up the list of ciphers or save the list of ciphers in a text file.
User | Count |
---|---|
94 | |
11 | |
11 | |
10 | |
9 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.