Skip to Content
0
Former Member
Jan 04, 2016 at 10:20 AM

TLS support on SAP ASE 15.7

691 Views


Hi,

Can anyone confirm that ASE 15.7 supports TLS 1.2?

We can get all cipher suites enabled but does it support TLS 1.2?


sp_ssladmin lscipher
go

Cipher Suite
Name
Preference

----------------------------------------------------------------
-----------

TLS_RSA_WITH_AES_256_CBC_SHA
1

TLS_RSA_WITH_AES_128_CBC_SHA
2

TLS_RSA_WITH_3DES_EDE_CBC_SHA
3

TLS_RSA_WITH_RC4_128_SHA
4

TLS_RSA_WITH_RC4_128_MD5
5

TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
6

TLS_DHE_DSS_WITH_RC4_128_SHA
7

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
8

TLS_RSA_WITH_DES_CBC_SHA
9

TLS_DHE_DSS_WITH_DES_CBC_SHA
10

TLS_DHE_RSA_WITH_DES_CBC_SHA
11

This cipher is found within ASE and even it is used it does not mean it is using TLS1.2 protocol since we are not negotiating from WebSphere application server and we are forcing only TLSv1.2 to be used.

When I tried to retrieve the signer certificate from WebSphere console it gave me that the database server is not supporting TLS and it failed until I changed the security level for WebSphere to accept TLS1.0 or SSL which is not acceptable since both protocols are vulnerable (ASE should support TLS1.2).

And it is used for all secure communications of the application servers since it is a general configuration over the cell, when it is forced to TLS1.2 the error appear and when we decrease it to accept TLS1.0 or SSLv3 the application server is accepting the connection with the database server.

I have attached RFC that covers TLS/SSL... Please check the Appendix A.5 at page 75, you will find that TLS_RSA_WITH_AES_256_CBC_SHA is listed as a cipher suite for TLS 1.2

Regards,

Marc