Hello colleagues,

I would like to ask you one question and hope you can help. Our SAP ABAP systems run MS Windows OS and we use gss api library gx64krd5.dll to achieve SSO based on Kerberos. On our SAP ABAP systems we have the following parameters set, as example: snc/enable: 1
snc/gssapi_lib: C:\Windows\system32\gx64krb5.dll
snc/identity/as:pSAPServiceSID@domain.com

SAPGUI access via SNC and SSO works perfectly for years. Now our task is to enable SNC over RFC connections between our SAP ABAP systems. Technically we have achieved this by updating RFC connections in SM59 to use SNC with type 3 data confidentiality and updating SNC0 to add the communication partner's SNC entry.

BUT, and here where my question comes, we need this SNC encryption over RFC connections to use only strong cryptographic algorithms like

AES (128/192/256 key size), 3DES (key size 168), RSA (key size 2048). I did not find any information anywhere how to manage encryption algorithms for gx64krb5.dll library. I only found information how to do the same for CommonCryptoLib (

SAP note 2338952 - CommonCryptoLib 8.5: Configuration Profile Parameters) but as far as I understand when we use gx64krb5.dll, then CommonCryptoLib is not in use for SNC (?). may be I am wrong... So, here are my questions:

1) Does anyone know how to manage / limit encryption algorithms used to encrypt SNC traffic while gx64krb5.dll is in use as snc/gssapi_lib?

2) Does anyone know if it is possible to use CommonCryptoLib to SNC encrypt RFC traffic, whereas gx64krb5.dll is in parallel used to provide SNC encryption for DIAG protocol of SAPGUI connections?

Thank you.