Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Disable SSLv2 on SAP webdispatcher

Go to solution
Former Member

‎08-20-2009 11:04 AM

0 Kudos

Hi,

I am looking for disable SSLv2 in SAP webdispatcher for some audit issue.

if anyone know how to do and any impact after disabled.

Many thanks,

Eak

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎08-20-2009 4:59 PM

0 Kudos

We recently had the same issue. Insert the following into the Web Dispatcher profile:

ssl/ciphersuites=MEDIUM

Thanks,

Graham

3 REPLIES 3

Go to solution
Former Member

‎08-20-2009 4:59 PM

0 Kudos

We recently had the same issue. Insert the following into the Web Dispatcher profile:

ssl/ciphersuites=MEDIUM

Thanks,

Graham

Go to solution
mvoros
Active Contributor
In response to Former Member

‎08-21-2009 6:34 AM

0 Kudos

More info about cipher suite selection and some examples are in Note 510007. The problem is that difference between version 2 and 3 is not only in supported cipher suites. There are additional improvements/structural changes which prevent additional attacks. When you set that parameter to MEDIUM then you support only two cipher suits:

SSL_RSA_WITH_RC4_128_SHA

SSL_RSA_WITH_RC4_128_MD5

These cipher suites are from version 3 so theoretically you should allow only version 3 but still version 3 supports fallback to previous version. It would be nice if some could test this.

BTW probably more secure setting is ssl/ciphersuites=HIGH:MEDIUM

Cheers

Go to solution
Former Member
In response to Former Member

‎08-21-2009 7:51 AM

0 Kudos

Hi Both,

Thank you so much for your very useful information.

best regards,

Eak