Skip to Content
1
Jul 02, 2015 at 02:57 PM

How can i activate TLS 1.1+ on SAP AS JAVA 7.31 client-side?

2072 Views

I only know sap note"510007 - Setting up SSL on Application Server ABAP".

If i apply the informations of this note to AS JAVA,

"The built-in defaults for the client-side enables only SSLv3 + TLSv1.0 for SAPCRYPTO 5.5.5pl28+ and CommonCryptoLib 8, corresponding to client-side protocol version flags (128+64) = 192. It is recommended to request TLS protocol version TLSv1.1 and TLSv1.2 with the flags "Best" and "NO_GAP", because only the latter is future-friendly and is fully compatible with older libraries."

i have to set the following sap profile parameters, like for example:

ssl/ciphersuites = 135:HIGH:MEDIUM:+e3DES

ssl/client_ciphersuites = 198:HIGH:MEDIUM:+e3DES

Unfortunately the AS Java already "requesting version 3.1..."

I suspect that these sap profile parameters don't work for AS JAVA?

Any experiences?

Any ideas?

Thanks in advance,

Matthias

- SAP NW PO 731 SPS12 (AS JAVA only)

- Currently we use CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.37 pl40 (May 12 2015) MT-safe.

- Kernel = 721_EXT 64Bit Patch 300