SSL\TLS ciper suite for TLS_DH_RSA_WITH_AES_128_CB...

Former Member · ‎09-24-2013

H all,

We need to sent HTTP request from SAP PI to 3-в party server using TLS_DH_RSA_WITH_AES_128_CBC_SHA alghoritm TLS\SSL. Does this alghoritm supported by standard SAP – or any partner solutions ?

Regards,

Ivan.

Former Member · ‎09-24-2013

As far as I know, yes. SAP Cryptolib 555 pl28 and newer support cipher suites defined in RFC3268. See the attached links for details.

https://service.sap.com/sap/support/notes/1415576

http://www.ietf.org/rfc/rfc3268.txt

mvoros · ‎09-25-2013

Hi,

as Samuli said it's a fairly common suite so it should not be a problem. I just wanted to add that TLS_DHE_RSA_WITH_AES_128_CBC_SHA would be a better choice that provides perfect forward secrecy. But you can't control this.

Cheers

Former Member · ‎09-25-2013

Hi,

Thank you all for your inputs - but one question. I found in SAP Securiy Guide:

http://help.sap.com/saphelp_nw73ehp1/helpdata/en/14/29236de1864c6e8d46e77192adaa95/frameset.htm

one sentense:

The cipher suites for outbound SSL connections cannot be managed.

Does it means that capabilities mentioned in note 1415576 - can help only when SAP PI / Netweaver acts as server - not client ?

I found one helpful blog on SDN: http://scn.sap.com/community/b2b-integration/blog/2012/09/18/configure-the-httpaae-receiver-communic...

But i do not found where to set needed alghorithm ?

Regards,

Ivan.

mvoros · ‎09-25-2013

Hi,

that note seems to be incorrect. Check note 510007 that discusses how to control cipher suites used for outbound connections.

Cheers

Former Member · ‎09-25-2013

Hi Martin,

thank you - it's seems some ability exists - will try thus profile parameter ssl/client_ciphersuites

Regards,

Ivan.

SSL\TLS ciper suite for TLS_DH_RSA_WITH_AES_128_CBC_SHA