cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PI 711 and Poodle

former_member206857
Active Participant

on ‎10-17-2014 2:33 PM

0 Kudos

I'm trying to wrap my head around how and if the Poodle vulnerability affects our SAP PI 711 installation.

I understand exactly the issue in terms of the poodle, what i'm trying to figure out is, If im using SOAP over HTTPS am I vulnerable?

Of course its only in the SSL 3.0 protocol. But i'm trying to figure out how PI uses SOAP over HTTP, I've looked all in the system on the JAVA engine, I see no specific settings for TLS or SSL versions.

I doubt that exists on the ABAP engine also.

SO maybe I don't quite understand the communication aspect of this.

Any can share some light on the subject?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

petr_solberg
Active Contributor
‎11-12-2014 7:59 AM
0 Kudos

Hi,

yesterday SAP released OSS Notes solving this.

They're in the last comment in this thread.

Best regards,

Andy.

Show replies
Show replies
former_member206857
Active Participant
‎10-24-2014 2:43 PM
0 Kudos

Take a look at this..  http://scn.sap.com/thread/3637528

Show replies
Show replies
Harish
Active Contributor
‎10-17-2014 2:46 PM
0 Kudos

Hi Joshua,

the below sap note might help

SAP Note 503579 - Authentication bypass vulnerability in NetWeaver PI


regards,

Harish

Show replies
Show replies
former_member206857
Active Participant
‎10-17-2014 5:26 PM
0 Kudos

Thanks Harish for the Note,

But it doesn't really answer my questions. The Note doesn't make any specific reference to webservices or SSL and or SOAP over SSL.

Former Member
‎10-24-2014 2:33 PM
0 Kudos

I'm looking for the same info Joshua regarding some HTTP/SOAP receiver channels we have. Please share what you find.

Current thinking is the SSL/TLS level of security is set by the remote web server during handshake before HTTPS traffic ever begins (Target URL in Com channel). But I think basic PI Netweaver stack must have support if/when our partners upgrade their versions of TLS from 1.0, 1.1, 1.2, eventually 1.3? How do we see what is supported?

http://help.sap.com/saphelp_nw73ehp1/helpdata/en/4b/6858518ec53260e10000000a42189b/content.htm

http://scn.sap.com/people/rajendra.badi/blog/2011/11/23/pi-711-transport-level-secuirty-communicatin...

Configuring the Receiver SOAP Adapter - Advanced Adapter Engine - SAP Library

Ask a Question