on 10-17-2014 2:33 PM
I'm trying to wrap my head around how and if the Poodle vulnerability affects our SAP PI 711 installation.
I understand exactly the issue in terms of the Poodle; what I'm trying to figure out is, if I'm using SOAP over HTTPS, am I vulnerable?
Of course it's only in the SSL 3.0 protocol. But I'm trying to figure out how PI uses SOAP over HTTP. I've looked all over the system on the Java engine, and I see no specific settings for TLS or SSL versions.
I doubt that exists on the ABAP engine either.
So maybe I don't quite understand the communication aspect of this.
Can anyone shed some light on the subject?
Hi,
yesterday SAP released OSS Notes solving this.
They're in the last comment in this thread.
Best regards,
Andy.
Take a look at this: http://scn.sap.com/thread/3637528
Hi Joshua,
The SAP Note below might help:
SAP Note 503579 - Authentication bypass vulnerability in NetWeaver PI
regards,
Harish
I'm looking for the same info Joshua regarding some HTTP/SOAP receiver channels we have. Please share what you find.
Current thinking is that the SSL/TLS level of security is set by the remote web server during the handshake, before HTTPS traffic ever begins (Target URL in Com channel). But I think the basic PI NetWeaver stack must have support if/when our partners upgrade their versions of TLS from 1.0 to 1.1, 1.2, eventually 1.3? How do we see what is supported?
http://help.sap.com/saphelp_nw73ehp1/helpdata/en/4b/6858518ec53260e10000000a42189b/content.htm
Configuring the Receiver SOAP Adapter - Advanced Adapter Engine - SAP Library