SSL / TLS settings for SAP NetWeaver

Many SAP products, such as NetWeaver, use the sapcrypto / commoncrypto library (sapcryptolib.dll or sapcryptolib.so) for SSL / TLS and encryption.

SSL / TLS client configuration.

ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH

SSL / TLS server configuration.

ssl/ciphersuites = 135:PFS:HIGH::EC_P256:EC_HIGH

You need sapcryptolib 8.4.40 or later for SNI (Server Name Indication) support. Before SNI, the client requested the certificate by the server's IP address instead of its domain name. SNI is used to host multiple sites on the same port with encryption.

ssl/client_sni_enabled = TRUE

An updated kernel is required to use this parameter; details are in this note.

You can also set this option with OS environment variable.

SAPSSL_CLIENT_SNI_ENABLED = TRUE

Minimum sapcryptolib versions for protocols.

Protocol    Version
TLS 1.0     5.5.5 PL 28
TLS 1.2     8.4.31
SNI         8.4.40
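
As an added example (not from the original post or from SAP), this Python script audits a profile against the minimum versions listed above. The profile text is constructed, and the function names, the `#` comment handling and the version-string format (`8.4.40` or `5.5.5 PL 28`, as written in the table) are assumptions.

```python
import re

# Minimum sapcryptolib versions from the table on this page, as (major, minor, patch, PL).
MINIMUM = {"TLS 1.0": (5, 5, 5, 28), "TLS 1.2": (8, 4, 31, 0), "SNI": (8, 4, 40, 0)}

def parse_version(text):
    """Parse '8.4.40' or '5.5.5 PL 28' into a comparable 4-tuple (PL defaults to 0)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\s+PL\s*(\d+))?\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def parse_profile(text):
    """Read 'name = value' lines, skipping blanks and '#' comments (assumed syntax)."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params

def audit(profile_text, lib_version):
    """Return a list of findings for a profile running on the given library version."""
    have = parse_version(lib_version)
    params = parse_profile(profile_text)
    findings = []
    for feature in ("TLS 1.0", "TLS 1.2"):
        if have < MINIMUM[feature]:
            findings.append(f"library {lib_version} is below the minimum for {feature}")
    # SNI switched on in the profile has no effect if the library predates SNI support.
    sni_on = params.get("ssl/client_sni_enabled", "").upper() == "TRUE"
    if sni_on and have < MINIMUM["SNI"]:
        findings.append("ssl/client_sni_enabled = TRUE but library is below 8.4.40")
    for name in ("ssl/ciphersuites", "ssl/client_ciphersuites"):
        if name not in params:
            findings.append(f"{name} is not set in the profile")
    return findings

# Constructed sample profile (not taken from a real system).
SAMPLE_PROFILE = """\
ssl/ciphersuites = 135:PFS:HIGH::EC_P256:EC_HIGH
ssl/client_sni_enabled = TRUE
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_PROFILE, "8.4.35"):
        print(finding)
```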
