08-20-2009 11:04 AM
Hi,
I am looking to disable SSLv2 in SAP Web Dispatcher because of an audit issue.
Does anyone know how to do this, and whether there is any impact after it is disabled?
Many thanks,
Eak
08-20-2009 4:59 PM
We recently had the same issue. Insert the following into the Web Dispatcher profile:
ssl/ciphersuites=MEDIUM
Thanks,
Graham
08-21-2009 6:34 AM
More info about cipher suite selection and some examples are in Note 510007. The problem is that the difference between versions 2 and 3 is not only in the supported cipher suites. There are additional improvements/structural changes which prevent additional attacks. When you set that parameter to MEDIUM, you support only two cipher suites:
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
These cipher suites are from version 3, so theoretically you should allow only version 3, but version 3 still supports fallback to the previous version. It would be nice if someone could test this.
BTW, a probably more secure setting is ssl/ciphersuites=HIGH:MEDIUM
Cheers
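One way to run the test the post above asks for, as an added example that is not part of the original thread: it sends an SSLv2-only CLIENT-HELLO and reports whether the reply is an SSLv2 SERVER-HELLO. The function names and result labels are this example's own, and the all-zero challenge is a constructed value.

```python
import socket
import struct

# The seven SSLv2 cipher kinds (3 bytes each) offered by the probe.
SSL2_CIPHERS = bytes.fromhex(
    "010080" "020080" "030080" "040080" "050080" "060040" "0700c0")

def build_sslv2_client_hello(challenge=b"\x00" * 16):
    """Build an SSLv2-only CLIENT-HELLO record (version 0x0002)."""
    # msg type 1, version, cipher-spec length, session-id length, challenge length
    body = struct.pack(">BHHHH", 1, 0x0002, len(SSL2_CIPHERS), 0, len(challenge))
    body += SSL2_CIPHERS + challenge
    # 2-byte record header: high bit set, then a 15-bit body length
    return struct.pack(">H", 0x8000 | len(body)) + body

def classify_response(data):
    """Classify the first bytes the server sends back to the probe."""
    if not data or data[0] == 0x15:          # closed, or SSLv3/TLS alert record
        return "REJECTED"
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0:   # SSLv2 ERROR
        return "REJECTED"
    if len(data) >= 11 and data[0] & 0x80 and data[2] == 4:  # SSLv2 SERVER-HELLO
        version, _cert_len, cipher_len = struct.unpack(">HHH", data[5:11])
        if version == 0x0002:
            # A SERVER-HELLO with an empty cipher list means the protocol is
            # still answered even though no SSLv2 cipher can be negotiated.
            return "SSLV2_ENABLED" if cipher_len else "SSLV2_NO_CIPHERS"
    return "UNKNOWN"

def probe(host, port=443, timeout=5.0):
    """Send the probe to a server you administer and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv2_client_hello())
        try:
            data = sock.recv(4096)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return classify_response(data)

if __name__ == "__main__":
    import sys
    # Host and port are supplied by the operator; 443 is only a default.
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(probe(sys.argv[1], port))
```

Run it against the Web Dispatcher's HTTPS port before and after changing ssl/ciphersuites and compare the results. SSLV2_NO_CIPHERS means the server still answers the SSLv2 handshake but with an empty cipher list.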
08-21-2009 7:51 AM
Hi Both,
Thank you so much for your very useful information.
Best regards,
Eak