TLS 1.x Support?

Former Member · ‎02-25-2016

Dear all,

does anyone have experience using TLS in connection with NetWeaver 7.3 and higher?

Java 1.4 does support SSL, but not TLS hence NetWeaver 7.0x won't support TLS at all. However, with Java 6 the support is available for TLS 1.x. Depending on the Java Version it can go up to TLS 1.2, but at least TLS 1.0

Unfortunately i had not yet the chance to test it myself, but beside my assumption that TLS should work, someone told me that there are probably some issues with SAP's Crypto-lib as the cypher stack is still using legacy code behind the science which is build for Java 1.4.x environments (NetWeaver 7.0x).

Question therefore

Which NetWeaver release/patch will get rid of this issue out of the box
What is your best practice approach to "fix" that issue e.g. for NetWeaver 7.3, so that it still works
What settings are required to switch on TLS support

Hope someone can speak from experience and faced that issue already.

Regards,

Andreas

ian_black · ‎03-16-2016

Hi Andreas,

Did you make any progress on this, I am trying to limit access to our PI system (NW 7.4), so far I have tried the following, non of which worked;

Instance profile params
ssl/ciphersuites=512:HIGH
ssl/client_ciphersuites=512:HIGH

Default profile params
ssl/ciphersuites=512:HIGH
ssl/client_ciphersuites=512:HIGH

SSL provider Server service (changed through configtool)
param SSL_VERSION_MIN, set to TLS11

ian_black · ‎03-16-2016

Its ok, I think I have sorted this now, it is indeed the DEFAULT profile param that I needed, dont know why it didn't work first time around, now it appears TLS1.2 is only allowed access, SSL and TLS1.0 and TLS1.1 are not allowed, security scan still to confirm this but browsing in IE needs TLS1.2 switched on to get to the java stack using https