09-24-2013 11:04 AM
H all,
We need to sent HTTP request from SAP PI to 3-в party server using TLS_DH_RSA_WITH_AES_128_CBC_SHA alghoritm TLS\SSL. Does this alghoritm supported by standard SAP – or any partner solutions ?
Regards,
Ivan.
09-24-2013 2:22 PM
As far as I know, yes. SAP Cryptolib 555 pl28 and newer support cipher suites defined in RFC3268. See the attached links for details.
09-25-2013 12:18 AM
Hi,
as Samuli said it's a fairly common suite so it should not be a problem. I just wanted to add that TLS_DHE_RSA_WITH_AES_128_CBC_SHA would be a better choice that provides perfect forward secrecy. But you can't control this.
Cheers
09-25-2013 8:12 AM
Hi,
Thank you all for your inputs - but one question. I found in SAP Securiy Guide:
http://help.sap.com/saphelp_nw73ehp1/helpdata/en/14/29236de1864c6e8d46e77192adaa95/frameset.htm
one sentense:
The cipher suites for outbound SSL connections cannot be managed.
Does it means that capabilities mentioned in note 1415576 - can help only when SAP PI / Netweaver acts as server - not client ?
I found one helpful blog on SDN: http://scn.sap.com/community/b2b-integration/blog/2012/09/18/configure-the-httpaae-receiver-communic...
But i do not found where to set needed alghorithm ?
Regards,
Ivan.
09-25-2013 9:29 AM
Hi,
that note seems to be incorrect. Check note 510007 that discusses how to control cipher suites used for outbound connections.
Cheers
09-25-2013 11:22 AM
Hi Martin,
thank you - it's seems some ability exists - will try thus profile parameter ssl/client_ciphersuites
Regards,
Ivan.