SSL / TLS settings for SAP NetWeawer

A lot of SAP product such as NetWeaver using sapcrypto / commoncrypto library (sapcryptolib.dll or sapcryptolib.so) for SSL / TLS and encryption.

SSL / TLS client configuration.

ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH

SSL / TLS server configuration.

ssl/ciphersuites = 135:PFS:HIGH::EC_P256:EC_HIGH

You need at least 8.4.40 sapcrpytolib for SNI (Server Name Indication) support. Before SNI protocol client request certificate with domain IP instead of domain name. SNI used for hosting multiple site on same port with encryption.

ssl/client_sni_enabled = TRUE

We need updated kernel for using this parameter, details are in this note.

Also you can set these parameters as OS environment variable.

SAPSSL_CLIENT_CIPHERSUITES = 135:PFS:HIGH::EC_P256:EC_HIGH
SAPSSL_CLIENT_SNI_ENABLED = TRUE

sapcryptolib versions for protocols

In below table you can find minumum sapcryptolib version for protocols.

ProtocolVersion
TLS 1.05.5.5 PL 28
TLS 1.28.4.31
SNI8.4.40

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

This site uses Akismet to reduce spam. Learn how your comment data is processed.