02-25-2016 10:57 AM
Dear all,
does anyone have experience using TLS in connection with NetWeaver 7.3 and higher?
Java 1.4 does support SSL, but not TLS hence NetWeaver 7.0x won't support TLS at all. However, with Java 6 the support is available for TLS 1.x. Depending on the Java Version it can go up to TLS 1.2, but at least TLS 1.0
Unfortunately i had not yet the chance to test it myself, but beside my assumption that TLS should work, someone told me that there are probably some issues with SAP's Crypto-lib as the cypher stack is still using legacy code behind the science which is build for Java 1.4.x environments (NetWeaver 7.0x).
Question therefore
Hope someone can speak from experience and faced that issue already.
Regards,
Andreas
03-16-2016 2:20 PM
Hi Andreas,
Did you make any progress on this, I am trying to limit access to our PI system (NW 7.4), so far I have tried the following, non of which worked;
Instance profile params
ssl/ciphersuites=512:HIGH
ssl/client_ciphersuites=512:HIGH
Default profile params
ssl/ciphersuites=512:HIGH
ssl/client_ciphersuites=512:HIGH
SSL provider Server service (changed through configtool)
param SSL_VERSION_MIN, set to TLS11
03-16-2016 3:25 PM
Its ok, I think I have sorted this now, it is indeed the DEFAULT profile param that I needed, dont know why it didn't work first time around, now it appears TLS1.2 is only allowed access, SSL and TLS1.0 and TLS1.1 are not allowed, security scan still to confirm this but browsing in IE needs TLS1.2 switched on to get to the java stack using https