Skip to Content
0
Mar 28, 2014 at 05:58 AM

remote host supports the use of SSL ciphers that offer weak encryption

468 Views

Dear All,

Our Internal security audit suggests to avoid the use of Week SSL ciphers for our SAP PI 7.0 servers.

We have followed the SAP note 510007 - Setting up SSL on Web Application Server ABAP

as mentioned in the point 6 we have added below parameter in the instance profile of application server and restarted our server but still the issue is not resoved.

ssl/ciphersuites=MEDIUM:HIGH:EXPORT:!LOW:!eNULL

Clients are accessing our PI server through SAP Web dispatcher.

Kindly suggest the action to be taken to resolve the issue.

Please find the below comment from Audit.

-----------------------------------------------------------------------------------------------------------------------

The remote host supports the use of SSL ciphers that offer weak encryption.

Note: This is considerably easier to exploit if the attacker is on the same physical network
-----------------------------------------------------------------------------------------------------------------------

Regards,

Lalitha.