01-08-2013 6:40 PM
Hi,
our Web dispatcher is in DMZ to communicate our portal securely through HTTPS.
we did some scans and it revealed that there are some weak ciphers enabled. i checked sap note 510007 point 6 and decided to add the parameter in web dispatcher profile.
ssl/ciphersuites=LOW
could you please check & confirm if that is enough or add any other parameters ?
01-08-2013 6:49 PM
By setting that parameter, you made the security worse. If you want the highest level of security you have to set the parameter to HIGH. Depending on the NetWeaver version, the default setting of ciphersuite includes LOW and EXPORT which you can omit.
You should test with all browsers, devices and operating systems before committing to a specific value for ciphersuite.
01-08-2013 6:54 PM
yes , i was just reading the note again. so i am going to use. is that ok ?
ssl/ciphersuites= HIGH:MEDIUM
01-08-2013 6:56 PM
Yes but make note on what I wrote about compatibility. Restricting the ciphers too much might render your application inaccessible to some devices.
01-08-2013 7:00 PM