Skip to Content
0
Jul 10, 2020 at 09:02 AM

Minimum PI Netweaver version for Disabling TLSv1.1 protocol and weak Ciphers C4C

220 Views Last edit Jul 13, 2020 at 12:17 PM 2 rev

Hi Experts,

We have received below communication from SAP

https://cxwiki.sap.com/display/c4crelease/Disabling+TLSv1.1+protocol+and+weak+Ciphers+for+Outbound+Communication+Scenarios

We have the C4C integration with ECC via PI and a Web Dispatcher

I need to find out the minimum required Netweaver version of PI that will continue to support TLSv1.2 Our ECC and PI version are ECC6 EHP7 and PI Netweaver 7.4 SP12 respectively,

We have C4C Integration with ECC 6 EHP 7 and PI 7.4 SP12

As per above communication we need to change below parameters to be compliant with the disablement of TLSv1.1 at C4C end on ECC and PI

CommonCryptoLib file should be greater than or equal to 8.4.48, ssl/ciphersuites(Server) value in your SAP System(PI/ERP/BW) is= 801:PFS:HIGH::EC_P256:EC_HIGH for limiting protocol versions to strict TLSv1.2, TLSv1.1 only or ssl/ciphersuites = 545:PFS:HIGH::EC_P256:EC_HIGH for limiting protocol version to strict TLSv1.2(disabling SSLv3, TLSv1.0, TLSv1.1)

Will this be enough as per our understanding according to the version of ECC and PI (given above)

My concern is around the TLSV1.2 support on version of ECC and PI 7.4 SP12?

Please help!

Regards,

Vijish